[OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11

Ka-Ping Yee openid at zesty.ca
Mon Jan 22 20:04:38 UTC 2007

On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
> On the contrary, PKI is the basis of the security infrastructure
> that so far has provided the greatest defense against Internet crime - SSL.
> Judged by any rational set of standards SSL has been the most
> successful security protocol of all time. The costs of the PKI
> infrastructure are negligible compared to the value of the commerce
> it supports.

In practice SSL is primarily used to establish an encrypted channel
between endpoints, not to establish reliable reciprocal identification.
Given that almost no users pay any attention to certificates, what
reason do we have to believe that SSL succeeds because of PKI, rather
than in spite of it?

By what rational set of standards do you evaluate PKI -- how frequently
it is used, or how much fraud it actually prevents?

-- ?!ng

