[OpenID] [OpenID board] wiki.openid.net is now set up

Peter Williams pwilliams at rapattoni.com
Sat Dec 20 04:43:07 UTC 2008 

So what is the real beef with cacert!

I suspect, from what I've seen with mozillas and debians "process", several of the ca on their ctl are "dubious".

To my mind the issue is debian/mozilla, not the ca.

Making ca generic, and then using debian ctl without review, just makes the foundation undermine what its specs portray about the value of its https openids, imho.

openid discovery is worthess, as its its delegated id model (unless https is done properly). Sp discovery on release controls and realm authorities is bogus, unless the op has controls over it ctls.

Sure folks do all this and more when paid, under some usg contract. But that's easy. What is hard is the public network.

________________________________
From: Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org>
Sent: Friday, December 19, 2008 6:52 PM
To: OpenID List <general at openid.net>
Subject: Re: [OpenID] [OpenID board] wiki.openid.net is now set up

On 12/20/2008 04:37 AM, Peter Williams:


If we could help pbwiki recognize and fix the protocol issues, I think they are pretty close to ready. Then, there is just the point of ensuring they support the same CAs as does the foundation (or any other customer of theirs): so 1) users are not "denied" at one foundation service, while "accepted" at another and 2) are denied at pbwiki for all cas where they were denied access (for reason of ca) at the voting site.


Agreed! Therefore I suggest that the foundation removes the CA certificates of cacert from the foundation server in order to be in sync with the wiki. I'm not aware of any policy adopted by OpenID, but if you so badly insist on the principal above, than this is what should be done then. So much fuss about nothing, you could simply ask PKwiki instead (maybe they denied your request previously, who knows?).


Regards

Signer:         Eddy Nigg, StartCom Ltd.<http://www.startcom.org>
Jabber:         startcom at startcom.org<xmpp:startcom at startcom.org>
Blog:   Join the Revolution!<http://blog.startcom.org>
Phone:  +1.213.341.0390

More information about the general mailing list