[OpenID] Changes to the OpenID Foundation member page login
Peter Williams
pwilliams at rapattoni.com
Sun Dec 7 20:59:53 UTC 2008
I know your views on caccert.org, Eddy! I have sympathy for the opinions of both sides of that long-running argument.
My only point was that cacert is not a non-vendor. Let’s remember that the non-vendor criterion seemed to be in vogue for the thread, at the time. Apparently, there is more yet more hair splitting about which vendors can be seen to be involved in delivering an OpenID service; the policy applies to all endorsements, but not all types require actual disclosure.
The issue of self-signed and/or PKI is a fun deckchair, tho – as https is highly relevant to OpenID’s viability and defines its ability to scale its discovery processes (though it’s always interesting to determine who denies that, and get to their rationale).
For now, the Foundation endorses only TTP-based PKI - as far as I can tell.
And that means, I suspect, that your own OP’s https OpenIDs will NOT be usable at the Foundation voting site, yes?
IF so, (a) there is evidently reliance policy founded on SSL, and (b) it discriminates against your firm’s OP.
Or did you capitulate, and go buy a $50 cert for your OP/discovery responder?
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Sunday, December 07, 2008 1:13 PM
To: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login
On 12/07/2008 08:16 PM, Peter Williams:
Why is the Foundation (or a sponsor) not running openssl, and its own CA, so as not to appear biased to any particular CA services vendor?
Oh no, Peter, no way. Self-signed certificates don't provide any protection at all, period. See https://blog.startcom.org/?p=125
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081207/59065fca/attachment-0002.htm>
More information about the general
mailing list