[OpenID] Changes to the OpenID Foundation member page login
Dave Kearns
dkearns at gmail.com
Sun Dec 7 19:24:13 UTC 2008
Hasn't this thread died yet???
Are there still more deck chairs to re-arrange?
-dave
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Peter Williams
Sent: Sunday, December 07, 2008 10:16 AM
Cc: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login
Out of interest, which vendor of CA key management services did/does the
Foundation use? Is that cert involved in assuring the secured transmission
of credit-card data, by any chance?
Choice of CA IS an implicit endorsement of the CA's relying party
agreements, note. Some of them are horrendously anti-opensource, in their
policies. Use a VeriSign server cert, for example, and you are projecting
VeriSign copyrights. And, more generally, you are endorsing the practice
that TTPs (CAs, IDPs, OPs) legally-own the bit-representation of a user's
assertion when reduced to a (VeriSign-)signed cert form (which seems a very
un-UCI thing to be endorsing).
Why is the Foundation (or a sponsor) not running openssl, and its own CA,
so as not to appear biased to any particular CA services vendor?
Of course, we all know why. Certain CA services vendors-only solutions
make SSL configuration viable (whereas open source-principled SSL services
tend to be rejected by consumers (e.g. cacert.org)).
Trouble is, we CANNOT make exceptions to the no-vendor endorsements rule.
We cannot sustain a "we endorse a vendor in one area critical to openid
(SSL/PKI), but not another (class libraries for UI builders)." Or, can we?
If folks want an introduction to cacert.org (a non vendor class of SSL/CA
services), it's easy to arrange. It's all built on openssl, and operates as
a non-profit. Understand that the enduser experience of foundation-showcase
of openid for members will go down in quality considerably, tho - when you
throw out whichever evil CA service vendor is being Foundation-endorsed,
today.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of larry drebes
Sent: Sunday, December 07, 2008 8:41 AM
To: david at sixapart.com
Cc: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login
2) Did JanRain ask the Foundation to purchase an SSL certificate (I
generally buy them for around $50/year)?