[OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11

James A. Donald jamesd at echeque.com
Wed Jan 24 03:33:19 UTC 2007

Ka-Ping Yee [mailto:openid at zesty.ca]
 >> In practice SSL is primarily used to establish an
 >> encrypted channel between endpoints, not to establish
 >> reliable reciprocal identification. Given that almost
 >> no users pay any attention to certificates, what
 >> reason do we have to believe that SSL succeeds
 >> because of PKI, rather than in spite of it?

Hallam-Baker, Phillip
 > SSL achieves the original security goals set for it.

Which were defined to fit what PKI does, not what the
user needs.

The user needs proof of relationship, not proof of true

          James A. Donald

More information about the general mailing list