[OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
James A. Donald
jamesd at echeque.com
Wed Jan 24 03:33:19 UTC 2007
--
Ka-Ping Yee [mailto:openid at zesty.ca]
>> In practice SSL is primarily used to establish an
>> encrypted channel between endpoints, not to establish
>> reliable reciprocal identification. Given that almost
>> no users pay any attention to certificates, what
>> reason do we have to believe that SSL succeeds
>> because of PKI, rather than in spite of it?
Hallam-Baker, Phillip
> SSL achieves the original security goals set for it.
Which were defined to fit what PKI does, not what the
user needs.
The user needs proof of relationship, not proof of true
name.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
qVkusWoDPirkBhjZe5MXwUDyBHO4LxZCWStLyKpA
4JVAsnPJ0MmTZsUwSsCOYR37FKrlG3DPXGBozt+Kh
More information about the general
mailing list