[OpenID] openid query
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Feb 29 13:03:18 UTC 2008
Hi Martin,
Martin Paljak wrote:
> In Estonia, when people say they don't trust the smart card technology
> which the national eID is based upon or they don't trust the
> government issuing them
Doesn't the government knows best about who you are? I mean, they issue
all the other documents too, like IDs, passports and driving
licenses...I guess it can't get better than that. This is what CAs rely
upon usually...
...except in case the government also creates the private keys for its
citizens, which would be indeed a reason not to trust such cards for
encrypted data exchange (and authentication).
>
> For me, all technologies that imply some kind of universal built in
> trust (like PKI)
This is for what standards and definitions are here for....or for that
matter policies which govern CAs in software like browsers?! Nothing is
perfect, but is it broken by design?
>
> So instead of building a uniform trust model into OpenID, lets give
> all parties (users, consumers, providers) means to make a good trust
> *decision* based on different inputs. Like PAPE.
>
Muhhhaaahaha....And who confirms to you (the RP) that the OP indeed
implements the PAPE assertions? What refrains an OP from returning
Physical Multi-Factor and NIST level 4 no matter what? That's like hot
air...The assertions made by both our OpenID providers (*) are worthless
because anybody can claim the same....it devalues our efforts and gives
to the RP (and user) at best a wrong sense of trust and security...
(* I know Martin from a different mailing list not related to OpenID and
happen to know about the OpenID provider he operates)
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080229/b067b409/attachment-0002.htm>
More information about the general
mailing list