[OpenID] [oauth] Re: [diso-project] Re: OpenID Accessibility
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Nov 4 18:31:09 UTC 2008
On 11/04/2008 06:07 PM, Ben Laurie:
>
> http://openid.net/pipermail/general/2008-November/006352.html
>
If you read what I wrote there, you'd understand that it wasn't about
email validation at all, but about phishing resistance. It was the point
from the beginning:
"The only exchange is really the public key submitted to the CA and the
issuance of the certificate. There is no need to exchange any other
information, none of it is a secret either."
>> What would they sign it with, or indicate with, that would convince you?
>>
>>
>> Validated S/MIME certificate.
>>
>
> Validated how?
>
...by validating and confirming the identity of the subscribers. There
are common procedures for doing that, however I think it's not the scope
of this list to discuss this issue further here. It was an example to
show that email addresses don't provide any proof about the identity or
employer of a subscriber.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081104/7aba289d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081104/7aba289d/attachment-0002.bin>
More information about the general
mailing list