SSL, DNSSEC and protected data enroute? (was Re: off topic -how many people use OpenID ?)
Alaric Dailey
alaricd at pengdows.com
Fri Oct 20 21:51:43 UTC 2006
Recordon, David wrote:
>
> I honestly didn't believe this over a year ago when I first met the
> VeriSign guys, but I just want to make it clear that VeriSign is not
> involved in OpenID with the goal of selling SSL certificates.
>
Good. If anything the idea of such a project would be to improve
diversity, not create a monopoly. And knowing Eddy the way I do, I know
he isn't out to make money on it either (obviously not, as he wouldn't
be giving away certs if he was).
>
> From a security perspective, self-signed certs can do a lot of what is
> needed for what OpenID is doing. At the same time, there really is
> value, even for OpenID, in a cert that chains up to a trusted CA.
>
<rant>
Self-Signed certs are a plague (just like VB), and should never be allowed.
</rant>
However... I see more use for CAs with OpenID than simply encrypting
data.
http://startssl.wordpress.com/2006/10/06/sxipping-in-user-centric-identity-and-its-relationship-to-a-ca/
All that aside, honestly, I am concerned that starting insecure and
trying to add security is a BAD way to go about things. Reminds me of
poorly done firewalls, open everything and closed problem ports, yeck.