[OpenID] PKI

Hallam-Baker, Phillip pbaker at verisign.com
Wed Jan 24 13:55:26 UTC 2007

PKI is bing successful at allowing users to identify organizations. That is currently the most important task in stopping phishing attacks where the phishing gang is impersonating the bank.

PKI is also used in a billion smart cards to authenticate customers to their bank in the European Chip and PIN scheme.

These are billion dollar plus infrastructures that secure trillions of dollars of trade annually. That is a success.

There being no identity infrastructure ubiquitously deployed in the Internet we cannot make any conclusion as to the relative advantages of different primary authentication schemes. The lack of such an infrastructure to date appears to be due to lack of perceived demand rather than lack of technology.

The user authentication support in SSL was an afterthought, the user experience miserably executed and poorly thought out. CardSpace changes that.

> -----Original Message-----
> From: Ka-Ping Yee [mailto:openid at zesty.ca] 
> Sent: Wednesday, January 24, 2007 12:40 AM
> To: Hallam-Baker, Phillip
> Cc: heraldry-dev at incubator.apache.org; openid-general
> Subject: PKI
> On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
> > I said that PKI was successful and that SSL fulfilled its goals.
> >
> > I did not say that the goals of PKI had been fullfilled nor is that 
> > relevant in the slightest.
> Clearly I don't understand what you mean by "successful" and 
> I seem to have a different (perhaps you would say "strawman") 
> idea of what "successful" means.
> Do you see PKI as having been successful at helping its users 
> identify other parties?  If not, then what has PKI been 
> successful at doing?
> I'd appreciate if you could take a moment to explain.
> Thanks,
> -- ?!ng

More information about the general mailing list