[OpenID] Changes to the OpenID Foundation member page login

Dave Kearns dkearns at gmail.com
Sun Dec 7 19:24:13 UTC 2008 

Hasn't this thread died yet???

Are there still more deck chairs to re-arrange?

-dave
  -----Original Message-----
  From: general-bounces at openid.net [mailto:general-bounces at openid.net]On
Behalf Of Peter Williams
  Sent: Sunday, December 07, 2008 10:16 AM
  Cc: general at openid.net
  Subject: Re: [OpenID] Changes to the OpenID Foundation member page login


  Out of interest, which vendor of CA key management services did/does the
Foundation use? Is that cert involved in assuring the secured transmission
of credit-card data, by any chance?



  Choice of CA IS an implicit endorsement of the CA's relying party
agreements, note. Some of them of horrendously anti-opensource, in their
policies. Use a VeriSign server cert, for example, and you are projecting
VeriSign copyrights. And, more generally, you are endorsing the practice
that TTPs (CAs, IDPs, OPs) legally-own the bit-representation of a users'
assertion when reduced to a (VeriSign-)signed cert form (which seems a very
un-UCI thing to be endorsing)



  Why is the Foundation (or a sponsor) not running openssl, and its own CA,
so as not to appear biased to any particular CA services vendor?



  Of course, we all know why. Certain CA services  vendors-only solutions
make SSL configuration viable (whereas open source-principled SSL service
tend to be being rejected by consumers (e.g. cacert.org)).



  Trouble is, we CANNOT make exceptions to the no-vendor endorsements rule.
We cannot sustain a "we endorse a vendor in one area critical to openid
(SSL/PKI), but not another (class libraries for UI builders)." Or, can we?



  If folks want an introduction to cacert.org  (a non vendor class of SSL/CA
services), it's easy to arrange. Its all built on openssl., and operates as
a non-profit. Understand that the enduser experience of foundation-showcase
of openid for members will go down in quality considerably, tho - when you
throw out whichever evil CA service vendor is being Foundation-endorsed,
today.



  From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of larry drebes
  Sent: Sunday, December 07, 2008 8:41 AM
  To: david at sixapart.com
  Cc: general at openid.net
  Subject: Re: [OpenID] Changes to the OpenID Foundation member page login







    2) Did JanRain ask the Foundation to purchase an SSL certificate (I
generally buy them for around $50/year)?




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081207/7605b502/attachment-0002.htm>

More information about the general mailing list