security

[Alaric Dailey]

I hate to tell you, most people STILL don't know their SMTP from their POP,
and only Uber-geeks like me even bothered looking at the SSL version of AIM.


Only geeks really "get" them 


And we aren't talking about a system that users have to interact with, we
are talking about a backend protocol.

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Scott Kveton
Sent: Tuesday, October 24, 2006 11:30 AM
To: general at openid.net
Subject: Re: security

> Yes I am talking about products that normally only technical people 
> use, but that was the premise of the thought in the first place.

The examples you originally gave were SMTP, POP3, IMAP and the SSL-enabled
AIM.  I would not consider those products only used by technical people.

> No one should ever
> expect a user to have to figure out how to use these things themselves.
> Look how much trouble people have with simple password authentication, 
> and the only truly widespread dumber-than-rocks-user accepted 2 factor 
> authentication system I have ever heard of is ATM cards.

Exactly!  This is my point.  Just like the web was originally only a
novelty, over time, it developed the tools and services needed to do
commerce and comply with government regulations.

But if we'd started with the perfect black box it never would have taken off
in the first place.

Its not the protocol that is most important here, its the process for making
that protocol useful, practical _and_ secure that matters.  Discussions like
this are an important part of the process for OpenID.  Otherwise this is
just an academic exercise and we will never see widespread adoption.

- Scott

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general