[OpenID] Changes to the OpenID Foundation member page login

[Peter Williams]

I know your views on caccert.org, Eddy!  I have sympathy for the opinions of both sides of that long-running argument.

My only point was that cacert  is not a non-vendor. Let’s  remember that the non-vendor criterion seemed to be in vogue for the thread, at the time. Apparently, there is more yet more hair splitting about which  vendors can be seen to be involved in delivering an  OpenID service; the policy applies to all endorsements,  but not all types require actual disclosure.

The issue of self-signed and/or PKI is a fun deckchair, tho  – as https is highly relevant to OpenID’s viability and defines its ability to scale its discovery processes (though it’s always interesting to determine who denies that, and get to their rationale).

For now, the Foundation endorses only TTP-based PKI - as far as I can tell.

And that means, I suspect, that your own OP’s https OpenIDs will NOT be usable at the Foundation voting site, yes?

IF so, (a) there is evidently reliance policy founded on SSL, and (b) it discriminates against your firm’s OP.

Or did you capitulate,  and go buy a $50 cert for your OP/discovery responder?


From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Sunday, December 07, 2008 1:13 PM
To: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login


On 12/07/2008 08:16 PM, Peter Williams:


Why is the Foundation (or a sponsor) not running openssl, and its own CA, so as not to appear biased to any particular CA services vendor?

Oh no, Peter, no way. Self-signed certificates don't provide any protection at all, period. See https://blog.startcom.org/?p=125

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081207/59065fca/attachment-0002.htm>