security
Scott Kveton
scott at janrain.com
Tue Oct 24 16:29:35 UTC 2006
> Yes I am talking about products that normally only technical people use, but
> that was the premise of the thought in the first place.
The examples you originally gave were SMTP, POP3, IMAP and the SSL-enabled
AIM. I would not consider those products only used by technical people.
> No one should ever
> expect a user to have to figure out how to use these things themselves.
> Look how much trouble people have with simple password authentication, and
> the only truly widespread dumber-than-rocks-user accepted 2 factor
> authentication system I have ever heard of is ATM cards.
Exactly! This is my point. Just like the web was originally only a
novelty, over time, it developed the tools and services needed to do
commerce and comply with government regulations.
But if we'd started with the perfect black box it never would have taken off
in the first place.
It's not the protocol that is most important here, it's the process for making
that protocol useful, practical _and_ secure that matters. Discussions like
this are an important part of the process for OpenID. Otherwise this is
just an academic exercise and we will never see widespread adoption.
- Scott