[OpenID] OpenId recycling and trust

Peter Williams pwilliams at rapattoni.com
Sun Oct 21 17:43:20 UTC 2007


		1) On account creation, the OP automatically creates a key pair for the
		account.  There is no need for the key to be signed or certified.  The
		public key would be published probably along the lines of
		http://openid.net/specs/openid-service-key-discovery-1_0-01.html
		
		2) The RP includes a random challenge code in its request to the OP.
		
		3) The OP returns a signed version in its response, along with the
		public key's fingerprint, or even the entire key, if that's not
		considered too long.  If the entire key is included, then there is
		probably no need to publish the key any other way.
		 

This is equivalent to a simple-style distribution of plaintext public keys from a web resource repository. Whereas the MAC key of the SSL record layer connection state does provide data origin authentication to the public key resources obtained via https, in the proposed scheme the assurance of data origin authentication comes alternatively from the OpenID Association management process.

I see a contradiction however. In general, best practice in this community seems to be advising folks to use https to secure the association management data flows - as OpenID Association management processes have not been endorsed or reviewed by security specialists. The OpenID association protocol does not exhibit the same elements used in the SSL handshake design. And, I doubt OpenID association stores have the same kind of OS and appliance protections applied to them as folks have slowly learned to apply to SSL session key caches and stores.

In my view, we should be wary of endorsing reliance on keys assured solely by the OpenID association setup protocol for general-purpose asymmetric key distribution.



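A worked sketch of the three-step proposal quoted above, added here as an illustration and not code from the thread or from any OpenID specification: the RP verifies the signed challenge, and the check only binds the response to an identifier when the key (or its fingerprint) was obtained through an authenticated channel, which is the point the reply makes about relying on the association process alone. Ed25519, a SHA-256 fingerprint, and every type and function name are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// OPAccount is the per-account key pair the OP generates at sign-up (step 1 of the proposal).
type OPAccount struct{ Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewOPAccount() (*OPAccount, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &OPAccount{Pub: pub, priv: priv}, err
}

// Fingerprint is SHA-256 over the raw key bytes (a convention constructed for this demo).
func Fingerprint(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// Response is step 3: the RP's challenge signed by the OP, with fingerprint and key carried in-band.
type Response struct{ Challenge, Signature []byte; Fingerprint string; PublicKey ed25519.PublicKey }

func (a *OPAccount) Respond(c []byte) Response { return Response{c, ed25519.Sign(a.priv, c), Fingerprint(a.Pub), a.Pub} }

// VerifyResponse is the RP side. trustedFP is the fingerprint the RP obtained over an authenticated
// channel (e.g. the https key-discovery document); "" means the RP trusts whatever key came in-band.
func VerifyResponse(r Response, sent []byte, trustedFP string) error {
	switch {
	case string(r.Challenge) != string(sent):
		return fmt.Errorf("challenge mismatch: stale or replayed response")
	case r.Fingerprint != Fingerprint(r.PublicKey):
		return fmt.Errorf("fingerprint does not match the key presented")
	case trustedFP != "" && trustedFP != r.Fingerprint:
		return fmt.Errorf("key is not the one bound to this identifier")
	case !ed25519.Verify(r.PublicKey, r.Challenge, r.Signature):
		return fmt.Errorf("bad signature")
	}
	return nil
}

func main() {
	legit, _ := NewOPAccount()
	impostor, _ := NewOPAccount() // any other party holding its own key pair
	c := make([]byte, 32)         // step 2: the RP's random challenge
	rand.Read(c)
	r := impostor.Respond(c)
	// First check passes (the in-band key is self-certifying); the pinned fingerprint rejects it.
	fmt.Println(VerifyResponse(r, c, ""), "|", VerifyResponse(r, c, Fingerprint(legit.Pub)))
}
```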