[OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11

James A. Donald jamesd at echeque.com
Mon Jan 22 18:41:33 UTC 2007


Hallam-Baker, Phillip
 > > > If you change the browser you might as well really
 > > > change the browser and use a strong authentication
 > > > mechanism based on PKI

Ben Laurie
 > > I'm sure you meant to say "based on asymmetric
 > > cryptography".

Hallam-Baker, Phillip
 > No, any time you have a trusted key you have an
 > infrastructure.

No you do not, nor is PKI useful in solving phishing.

PKI is a solution that has been tried and has failed.
It has become an obstacle, as commercial interests
actively block alternatives that do not involve a small
number of centralized authorities with a special
privilege that enables them to intrude between client
and server and charge the server.




More information about the specs mailing list