[OpenID] PKI

Dave Kearns dkearns at gmail.com
Wed Jan 24 21:19:21 UTC 2007


I'm sure you're fascinated by the "yes it is; no it's not" bragging match
over PKI. But this isn't the PKI discussion list, is it? I'd really like to
see people get back to talking about OpenID - which is contentious enough as
it is!

-dave

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]On
> Behalf Of James A. Donald
> Sent: Wednesday, January 24, 2007 1:09 PM
> To: Hallam-Baker, Phillip
> Cc: openid-general; heraldry-dev at incubator.apache.org
> Subject: Re: [OpenID] PKI
>
>
>      --
> Hallam-Baker, Phillip wrote:
>  > PKI is being successful at allowing users to identify
>  > organizations. That is currently the most important
>  > task in stopping phishing attacks where the phishing
>  > gang is impersonating the bank.
>
> No it is not.
>
> For example, for a long time e-gold had a certificate that
> contained organization information that would have been
> meaningless and surprising to most users, had they
> looked at it, which obviously they did not, and for some
> time their organization information pointed to an
> expired shell company.
>
> None of this had the slightest effect on their business.
>
> End users simply are not looking at the organization
> information, and if they did, then in many cases they
> would be surprised, confused, and misled.
>
>  > PKI is also used in a billion smart cards to
>  > authenticate customers to their bank in the European
>  > Chip and PIN scheme.
>  >
>  > These are billion dollar plus infrastructures that
>  > secure trillions of dollars of trade annually. That is
>  > a success.  There being no identity infrastructure
>  > ubiquitously deployed in the Internet we cannot make
>  > any conclusion as to the relative advantages of
>  > different primary authentication schemes. The lack of
>  > such an infrastructure to date appears to be due to
>  > lack of perceived demand rather than lack of
>  > technology.
>  >
>  > The user authentication support in SSL was an
>  > afterthought, the user experience miserably executed
>  > and poorly thought out. CardSpace changes that.
>
> The user hostile experience is inherent in third party
> true name identification.  CardSpace merely shifts the
> user hostility to a different part of the process.   Our
> primary reason to support proof of true name is to
> provide proof of relationship, and true names are an
> inherently clumsy way of doing this - hence the
> propensity of businesses to concoct true names that are
> obscure and little known, and the irritation of
> consumers when asked to provide proof of true name.
>
>      --digsig
>           James A. Donald
>       6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>       dpcbOHXyE+NwMYsvDNWT1cB2r3j/EhswL1O9+CbO
>       4wm9LikXKHyU8FmdwiNVEkXLKiMSdNqphphWPecs1