[OpenID] Localhost OpenID
James A. Donald
jamesd at echeque.com
Fri Dec 15 09:06:50 UTC 2006
Jeremy Smith wrote:
> I think it would really be *bad* for OpenID if it were possible to use
> localhost as your identity. It's the equivalent of saying "I am me". It
> provides no useful information and does not provide any identity.
In the scenario, your identity is a hash of your public key. The hash
only has to be large enough that a hostile party cannot find a duplicate
of the hash, for which 80 bits is sufficient. That is 16 alphanumeric
characters, case insensitive, or 14 alphanumeric characters, case
sensitive, or 17 alphabetic characters, case insensitive.
So you would type in @key*local, which would be treated as the name of
your key resolution scheme, which would then resolve to something like:
@key*bcdkrxzlsxishvmor, where bcdkrxzlsxishvmor is the hash of the root
key on your usb drive.
More information about the general
mailing list