[OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
pbaker at verisign.com
Tue Jan 23 01:54:49 UTC 2007
I said that PKI was successful and that SSL fulfilled its goals.
I did not say that the goals of PKI had been fullfilled nor is that relevant in the slightest. PKI works, it is a useful tool. The only people who don't accept that are people who never understood PKI or what it might be used for and so imagined a set of strawman goals that were idiotic, impossible and not suprisingly never fullfilled.
SSL uses PKI, so does PGP. Even SSH uses a limited form of PKI.
There is a competitive market in CA services.
> -----Original Message-----
> From: Ka-Ping Yee [mailto:google at zesty.ca]
> Sent: Monday, January 22, 2007 7:56 PM
> To: Hallam-Baker, Phillip
> Cc: James A. Donald; Ben Laurie; openid-general;
> heraldry-dev at incubator.apache.org
> Subject: RE: [OpenID] Announcing OpenID Authentication 2.0 -
> Implementor'sDraft 11
> On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
> > SSL achieves the original security goals set for it.
> > SSL does not achieve every security goal, that is not a failure.
> > Certainly there are no grounds for the claim PKI has failed when it
> > has succeeded in its original limited goals.
> You appear to be making the claim that PKI has been successful.
> I'm asking for the grounds for your claim.
> SSL and PKI are not the same thing; the widespread adoption
> of SSL does not imply that PKI has achieved its goals. To
> back up your claim, could you state what you believe PKI is
> supposed to achieve, and how you know that it has been
> successful at achieving that?
> As far as I know, the goal of PKI is to establish a party's identity.
> But SSL, the application of PKI that you highlight as a
> success story, fails to prevent impersonation. That to me is
> a failure of PKI.
> Did you have a different goal in mind?
> -- ?!ng
More information about the general