[OpenID] Thinking About OpenID.com

Nat Sakimura sakimura at gmail.com
Sun Mar 23 11:38:39 UTC 2008 

Hi Johaness,

Actually, that is part of the reason why we are bringing the notion of
Public Key back into the place in our proposal of reputation service and
trusted data exchange. For a serious business apps, I suppose we need this
kind of structure.

Let us disccuss them in the forthcoming WGs :-)

=nat

2008/3/22, Johannes Ernst <jernst+openid.net at netmesh.us>:
>
> On 2008/03/20, at 3:34, Chris Drake wrote:
> > 7) Legal responsibilities - probably not one that Providers are happy
> >   with, but, it's not the RPs fault if a customer account is
> >   plundered because of fault with the login system - freeing up the
> >   RP from the legal liability/responsibility of that issue (eg: the
> >   customer would sue the Provider, not the RP)
>
>
> Actually, no. The customer would sue both the RP and the OP, and the
> RP would sue the OP -- at a minimum ;-) And one of the problems with
> have with OpenID so far is that legal discovery would be very hard
> because nobody could prove to anybody what they have done or not.
>
> (This is one of the reasons why I originally picked GPG as the crypto
> for LID instead of symmetric keys that we have in OpenID -- if the RP
> keeps the incoming requests around, the RP can show them later in
> legal discovery and say "see, nobody could have produced this
> signature at the encoded time stamp other than somebody in the
> possession of the private key, and that's not us, so we get to go home
> free")
>
> I continue to believe that we'll have to address this problem sooner
> or later ... even if some people on this list seem to have some kind
> of public-key phobia ;-)
>
> Cheers,
>
>
>
> Johannes.
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
>
>
>   http://netmesh.info/jernst
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080323/ec706af4/attachment-0002.htm>

More information about the general mailing list