[OpenID] Reconsidering http://openid different from https://openid

Johannes Ernst jernst+openid.net at netmesh.us
Fri Sep 21 02:03:57 UTC 2007


> I believe the question should be framed around what solution can be
> (primarily) secure and (secondarily) intuitive. I believe any attempt to
> equate HTTP and HTTPS OpenID URLs will result in a significant, and
> unacceptable, loss of security.

This is where my priorities are different. (I hear the screams
already as I write this)

A consumer-facing technology like OpenID that is secure but not
intuitive will be neither, because it will not be adopted: 0 times
whatever makes 0, whether it is secure or whatever. People will use
alternative, more intuitive technologies, which are very likely even
less secure.

A consumer-facing technology like OpenID that is intuitive but not
secure can still reach 100% market share in a very large market: SMTP
and e-mail come to mind first, and countless others.

But what I'd like to challenge us all to do is to find a solution to this
problem that is intuitive and moderately secure, and can be used in a
manner that may be less intuitive but more secure after some
additional user education or additional conventions or what have you
that are less general.

So ... I believe what I proposed earlier might fit the bill, perhaps
with some more fiddling. I would go for a "recommended" instead of a
"must" if that's what it takes to make some progress on this.







Johannes Ernst
NetMesh Inc.


  http://netmesh.info/jernst


