[OpenID] Changes to the OpenID Foundation member page login

Peter Williams pwilliams at rapattoni.com
Sun Dec 7 22:42:24 UTC 2008


During the coming vote, there will be the ability to objectively test how GENERICALLY the Foundation treats PKI, since we have now had a membership committee spokesperson endorse the statement that 'PKI is generic' is Foundation policy (i.e. the  Foundation has no vendor criteria on the topic of CAs).

If it is truly generic, any OP using a self-signed cert for a CA to support https OpenIDs will presumably have a simple, standard and unencumbered means to register the self-signed cert with the Foundation  - so the Foundation will perform identity verification for an https openid referring to that OP's self-signed root cert.

The objective test of this will be in the next round of voting. It should be easy for an auditor to  see if any formally-eligible openid-based votes were eliminated or interfered with because (a) the root cert used by the OP could be not be registered, (b) said root could not be registered in time (c) no fair means existed to perform the registration of said cert (and test it).

To be more positive, it will be easy to test that no vote was challenged/unprocessed merely because the OP uses a self-signed CA cert  to support https  OpenIDs.


From: David Recordon [mailto:drecordon at sixapart.com]
Sent: Sunday, December 07, 2008 3:17 PM
To: Dick Hardt
Cc: Peter Williams; general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login

+1

On Dec 7, 2008, at 10:37 AM, Dick Hardt wrote:



On 7-Dec-08, at 10:16 AM, Peter Williams wrote:

Trouble is, we CANNOT make exceptions to the no-vendor endorsements rule. We cannot sustain a "we endorse a vendor in one area critical to openid (SSL/PKI), but not another (class libraries for UI builders)." Or, can we?

We can. SSL/PKI is generic tech as far as the Foundation is concerned. The Foundation using a particular CA is not a strong endorsement. The Foundation using a particular OpenID technology may be considered an endorsement.

-- Dick
_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081207/ecaf866f/attachment-0002.htm>


More information about the general mailing list