[OpenID] [LIKELY_SPAM]Re: Problems with delegation and directed identity OPs
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Nov 7 01:47:23 UTC 2008
>Even then, it seems that some RPs don't really do SSL correctly;
>they don't completely validate the SSL certificates against a
>trusted list of root CAs. So if self-signed SSL certs don't raise
>any warnings; then SSL is sort of compromised anyway.
Where did you get the "trusted list" from? (I predict that, in the
future, "XRI" will be a synonym for "however"; we got it from
SOMEwhere, not specifying though.) Could you leverage existing OpenID
associations?
http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
But then we have problems with cache poisoning for independent sites
that haven't begun to support OpenID (or even SSL!) yet. I suspect
that this will cease being a problem if we can move to XRIs; in the
meantime, it's somewhat awkward to add a public key to someone's
OpenID (thus discriminating between "site.com" with one self-signed
SSL cert and "site.com" with another).
-Shade