[OpenID] PKI
Dave Kearns
dkearns at gmail.com
Wed Jan 24 21:19:21 UTC 2007
I'm sure you're fascinated by the "yes it is; no it's not" bragging match
over PKI. But this isn't the PKI discussion list, is it? I'd really like to
see people get back to talking about OpenID - which is contentious enough as
it is!.
-dave
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]On
> Behalf Of James A. Donald
> Sent: Wednesday, January 24, 2007 1:09 PM
> To: Hallam-Baker, Phillip
> Cc: openid-general; heraldry-dev at incubator.apache.org
> Subject: Re: [OpenID] PKI
>
>
> --
> Hallam-Baker, Phillip wrote:
> > PKI is being successful at allowing users to identify
> > organizations. That is currently the most important
> > task in stopping phishing attacks where the phishing
> > gang is impersonating the bank.
>
> No it is not.
>
> For example, for a long time e-gold had certificate that
> contained organization information that would have been
> meaningless and surprising to most users, had they
> looked at it, which obviously they did not, and for some
> time their organization information pointed to an
> expired shell company.
>
> None of this had the slightest effect on their business.
>
> End users simply are not looking at the organization
> information, and if they did, then in many cases they
> would be surprised, confused, and misled.
>
> > PKI is also used in a billion smart cards to
> > authenticate customers to their bank in the European
> > Chip and PIN scheme.
> >
> > These are billion dollar plus infrastructures that
> > secure trillions of dollars of trade annually. That is
> > a success. There being no identity infrastructure
> > ubiquitously deployed in the Internet we cannot make
> > any conclusion as to the relative advantages of
> > different primary authentication schemes. The lack of
> > such an infrastructure to date appears to be due to
> > lack of perceived demand rather than lack of
> > technology.
> >
> > The user authentication support in SSL was an
> > afterthought, the user experience miserably executed
> > and poorly thought out. CardSpace changes that.
>
> The user hostile experience is inherent in third party
> true name idenfification. Cardspace merely shifts the
> user hostility to a different part of the process. Our
> primary reason to support proof of truename is to
> provide proof of relationship, and true names are an
> inherently clumsy way of doing his - hence the
> propensity of businesses to concoct true names that are
> obscure and little known, and the irritation of
> consumers when asked to provide proof of true name.
>
> --digsig
> James A. Donald
> 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
> dpcbOHXyE+NwMYsvDNWT1cB2r3j/EhswL1O9+CbO
> 4wm9LikXKHyU8FmdwiNVEkXLKiMSdNqphphWPecs1
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list