[OpenID] OpenID as a PKI facilitator

Dick Hardt dick at sxip.com
Fri Apr 6 20:26:44 UTC 2007


DNSSEC is another potential way for a global PKI to be deployed.

On 6-Apr-07, at 11:32 AM, Nic James Ferrier wrote:

> Anders Feder <lists.anders at feder.dk> writes:
>
>> 1. As OpenID is adopted across the Web, most users are likely to
>> acquire an OpenID identifier. If every OP in addition helps the user
>> generate a PKI keypair, the issue of public key proliferation is
>> solved.
>> 2. OpenID identifiers are URLs, which, by definition, happen to
>> identify a resource for which retrieval is well-defined. OpenID, on
>> the other hand, defines how such a resource is unambiguously
>> associated with a user. If the user's public key is stored together
>> with the OpenID resource, the issue of public key retrieval is solved.
>>
>> In other words, OpenID could be the final building block in the
>> establishment of a global PKI. A global PKI, in turn, would have a
>> far-reaching impact on IT in general and information security in
>> particular. Exploiting this potential would require a standard
>> protocol for public key retrieval upon an OpenID identifier.
>>
>> * Is there any interest in the community to establish such a standard?
>> * Has any work already been done to this end?
>> * Or have there been other efforts to couple OpenID and PKI?
>> * Other thoughts?
>
> There are already providers:
>
>    http://prooveme.com  is my own, based on issuing certs.
>
>    http://certifi.ca is another one, based on existing cert providers.
>
>
> I (and my colleagues) have a bunch of things we'd like to spec out but
> we're a bit busy dealing with the IE issues (and all the other things
> we do /8-)
>
> I certainly think specs in this regard would be well worth
> pursuing. They could add a level of confidence that is not already
> present.
>
>
> -- 
> Nic Ferrier
> http://www.tapsellferrier.co.uk



