[OpenID] [oauth] Re: [diso-project] Re: OpenID Accessibility

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Tue Nov 4 02:13:40 UTC 2008


On 11/03/2008 12:54 PM, Ben Laurie:
> There are two cases. In one case, I just want to prove I'm the same
> guy as last time. In this case, a client cert without any further
> validation is fine. In fact, a self-signed cert is all that's needed,
> no requirement for a CA - in fact, this is exactly what a Cardspace
> self-issued card is.
>    

If you are fine with the first guy - whoever it might be, then yes.

> In the other case I want to prove I'm someone in particular (e.g. Ben
> Laurie, Google employee) - in this case I need to prove who I am in
> order to obtain the certificate. One way to do this is, as you say, to
> demonstrate ownership of an email address - and if everything works
> right, perhaps the email you send to "prove" that will not be
> intercepted en route.

No, email validation hardly says anything about you - it only proves 
control over the email account, but not that you are Ben Laurie nor that 
you are a Google employee. One might assume that if you've got a 
google.com email address, then well, you might be an employee at Google. 
But it's somewhat vague...

Reminds me of some Google employee contacting me the other day with 
some inquiry or job offer ...and I thought it was a phishing attempt. 
The email wasn't signed, nor was there any other indication which would 
let me clearly know that this is somebody really working at Google. :S


Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390

