[OpenID] Changes to the OpenID Foundation member page login

Peter Williams pwilliams at rapattoni.com
Sun Dec 7 18:16:25 UTC 2008


Out of interest, which vendor of CA key management services did/does the Foundation use? Is that cert involved in assuring the secured transmission of credit-card data, by any chance?

Choice of CA IS an implicit endorsement of the CA's relying party agreements, note. Some of them are horrendously anti-opensource, in their policies. Use a VeriSign server cert, for example, and you are projecting VeriSign copyrights. And, more generally, you are endorsing the practice that TTPs (CAs, IDPs, OPs) legally-own the bit-representation of a user's assertion when reduced to a (VeriSign-)signed cert form (which seems a very un-UCI thing to be endorsing).

Why is the Foundation (or a sponsor) not running openssl, and its own CA, so as not to appear biased to any particular CA services vendor?

Of course, we all know why. Certain CA services vendors-only solutions make SSL configuration viable (whereas open source-principled SSL services tend to be rejected by consumers (e.g. cacert.org)).

Trouble is, we CANNOT make exceptions to the no-vendor endorsements rule. We cannot sustain a "we endorse a vendor in one area critical to openid (SSL/PKI), but not another (class libraries for UI builders)." Or, can we?

If folks want an introduction to cacert.org (a non-vendor class of SSL/CA services), it's easy to arrange. It's all built on openssl, and operates as a non-profit. Understand that the end-user experience of foundation-showcase of openid for members will go down in quality considerably, tho - when you throw out whichever evil CA service vendor is being Foundation-endorsed, today.

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of larry drebes
Sent: Sunday, December 07, 2008 8:41 AM
To: david at sixapart.com
Cc: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login



2) Did JanRain ask the Foundation to purchase an SSL certificate (I generally buy them for around $50/year)?

