[OpenID] Changes to the OpenID Foundation member page login

Peter Williams pwilliams at rapattoni.com
Mon Dec 8 00:29:38 UTC 2008 

Eddy:

Let’s get down and dirty, since https OpenIDs are part of the standard. I don’t see how we can easily  wash our hands of PKI (much as I’d love to do so).


1.       Would you counsel the secretary running the election to accept http (i.e. non-https) openids in the coming election?



2.       If https openids are used by votering members, would you counsel that the rules should prevent those presumed voters from using the election site?


3.       If https openids are used and acceptable under the election rules, would you counsel that the election site from accept any and all CAs supporting that https channel?



4.       If proper https openids are used when exercising a voting right, would you counsel that the Foundation limit the CAs used in https openids to any particular list of CA service providers?


The legal problems I see are (a) the Foundation  is required to accept any of the CA’s relying party agreements, merely to  process the vote by https openid, and (b) the potential voter is required to accept the relying party agreement of the Foundation’s choice of CA, merely to vote.

One way to avoid all that legal PKI stuff is to require voters to access the site using only non-https OpenIDs.



From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Sunday, December 07, 2008 5:06 PM
To: general at openid.net
Subject: Re: [OpenID] Changes to the OpenID Foundation member page login

On 12/08/2008 12:17 AM, David Recordon:
+1

On Dec 7, 2008, at 10:37 AM, Dick Hardt wrote:
We can. SSL/PKI is generic tech as far as the Foundation is concerned. The Foundation using a particular CA is not a strong endorsement. The Foundation using a particular OpenID technology may be considered an endorsement.


Agreed! I don't particularly care which CA is used to secure the foundations web site, this is about OpenID, not PKI.
Regards



Signer:

Eddy Nigg, StartCom Ltd.<http://www.startcom.org>

Jabber:

startcom at startcom.org<xmpp:startcom at startcom.org>

Blog:

Join the Revolution!<http://blog.startcom.org>

Phone:

+1.213.341.0390




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081207/677a3ceb/attachment-0002.htm>

More information about the general mailing list