[OpenID] Using Account Creation Date to preempt recycleable OpenID's in v.next

SitG Admin sysadmin at shadowsinthegarden.com
Wed Dec 2 22:45:24 UTC 2009


>And not having this info still leaves us vulnerable to incorrect 
>correlations (e.g., thinking that someone said something on a 
>mailing list a year ago because the archives don't store the 
>fragment with the author's name).

Isn't that what digital signatures are for? (Though, mailing list 
archives scrub that data along with all other attachments.) Even with 
the low use of digital signatures, or end-user knowledge of how to 
check them, does OpenID want to extend itself into that area? It may 
be within scope to *try*, but since E-mail addresses can be spoofed 
anyway, how much protection would this really offer?

-Shade


More information about the specs mailing list