[OpenID] OpenID as a PKI facilitator

Jaco Aizenman skorpio at gmail.com
Fri Apr 6 18:13:58 UTC 2007


Anders,

In Costa Rica there is definitely an interest, because there are already
laws that require it. For example, since last year the Congress approved a
"Digital Signature Law", that specifies that PKI is the actual technology to
use. There is also lots of interest for OpenID because of the virtual
personality constitutional amendment, so I will be forwarding locally the
answers that your PKI&OID questions receive.

Best regards,

Jaco


On 4/6/07, Anders Feder <lists.anders at feder.dk> wrote:
>
> I'm fairly new to this list, so please bear with me if this subject is
> already well-understood.
>
> It's my humble contention, completely without grounding in documented
> research, that PKI has failed to proliferate as the standard platform
> for electronic communication for two reasons:
>
> 1. The incentive to acquire a personal public key is weak. The user must
> actively seek out PKI solutions in order to have a key pair generated,
> and the fact of the matter is that the vast majority of users don't even
> know what a public key is. Even if the user does manage to acquire a
> public key, he will have little use for it since most of his peers
> wouldn't know what to do with it.
> 2. There is no standard way of retrieving the public key of a recipient
> user, quite simply because the user is poorly defined outside of the PKI
> - a retrieving agent wouldn't know where to look.
>
> OpenID has the potential to solve both of these problems:
>
> 1. As OpenID is adopted across the Web, most users are likely to acquire
> an OpenID identifier. If every OP in addition helps the user generate a
> PKI keypair, the issue of public key proliferation is solved.
> 2. OpenID identifiers are URLs, which, by definition, happen to
> identify a resource for which retrieval is well-defined. OpenID, on the
> other hand, defines how such a resource is unambiguously associated with
> a user. If the user's public key is stored together with the OpenID
> resource, the issue of public key retrieval is solved.
>
> In other words, OpenID could be the final building block in the
> establishment of a global PKI. A global PKI, in turn, would have a
> far-reaching impact on IT in general and information security in
> particular. Exploiting this potential would require a standard protocol
> for public key retrieval upon an OpenID identifier.
>
> * Is there any interest in the community to establish such a standard?
> * Has any work already been done to this end?
> * Or have there been other efforts to couple OpenID and PKI?
> * Other thoughts?
>
> Regards,
> Anders Feder



-- 
Jaco Aizenman L.
My iname is =jaco (http://xri.net/=jaco)
Founder                - www.virtualrights.org
XDI Board member - www.xdi.org
Tel/Voicemail: 506-3461570
Costa Rica

What is an i-name?
http://en.wikipedia.org/wiki/I-name