[OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11

Hallam-Baker, Phillip pbaker at verisign.com
Mon Jan 22 19:24:28 UTC 2007

On the contrary, PKI is the basis of the security infrastructure that so far has provided the greatest defense against Internet crime - SSL.

Judged by any rational set of standards SSL has been the most successful security protocol of all time. The costs of the PKI infrastructure are negligible compared to the value of the commerce it supports.

There are uses of S/MIME that do provide effective security controls for the community that applies them. But any CA that continues to advocate per-user certs in place of domain level authentication has failed to understand their real business interests.

> -----Original Message-----
> From: James A. Donald [mailto:jamesd at echeque.com] 
> Sent: Monday, January 22, 2007 1:42 PM
> To: Ben Laurie
> Cc: Hallam-Baker, Phillip; specs at openid.net; openid-general; 
> heraldry-dev at incubator.apache.org
> Subject: Re: [OpenID] Announcing OpenID Authentication 2.0 - 
> Implementor's Draft 11
> Hallam-Baker, Phillip
> > > > If you change the browser you might as well really
> > > > change the browser and use a strong authentication
> > > > mechanism based on PKI
> Ben Laurie
> > > I'm sure you meant to say "based on asymmetric
> > > cryptography".
> Hallam-Baker, Phillip
> > No, any time you have a trusted key you have an
> > infrastructure.
> No you do not, nor is PKI useful in solving phishing.
> PKI is a solution that has been tried and has failed.
> It has become an obstacle, as commercial interests actively 
> block alternatives that do not involve a small number of 
> centralized authorities with a special privilege that enables 
> them to intrude between client and server and charge the server.
