[OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP implementations)

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Jan 2 22:00:54 UTC 2009


On 01/02/2009 10:45 PM, Martin Paljak:
> On 02.01.2009, at 15:16, Eddy Nigg (StartCom Ltd.) wrote:
>> Martin, failures and disclosing them serves the purpose to improve 
>> and prevent them. I'm responsible for disclosing one of the listed 
>> above, which however doesn't mean that public certification is a 
>> total failure. It speaks rather for the dedication and also the 
>> ability of the industry to control and improve itself.
> Of course disclosure is good. But as you have interests in one CA I 
> have to take your opinion as probably biased ;)
>

Right! And as such I have an interest that my work isn't de-valued by 
other CAs. Such is the interest of many CAs and hence there is a real 
interest that we (CAs) are able to uphold the promises we make as a 
collective. That's why incidents such as the one I reported are extremely bad 
and must not happen. I'm active in different forums out of my biased 
interest to make and keep PKI reliable.

Disclaimer: Mistakes can happen, negligence must not however.

>
> "Nothing to see here, move along, EV fixes everything". Yes - 
> technically, within the boundaries set by the established CA business, 
> everything is OK and will be even better with EV. But I try to 
> question the existing, current approach of CA-s doing business under 
> the name "trust business". CA-s should deal with certification and 
> users should be dealing with trust issues and decisions. PKI as we 
> know it now is not an implementation I like as a (loud minority) user.

Well, the minority of the Netizens have the ability to make the 
decisions you'd like them to make. I'm not sure about you, but how many 
CP/CPS of CAs have you read recently before making a decision whether to trust?

> Good question. As "you can do anything with OpenID" I believe it is 
> left open - you can do whatever you want if you consider it useful.
>
Sure, that's why we are here, aren't we? :-)


Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390
