[OpenID] [OpenID board] Members Login broken

chris.messina at gmail.com
Tue Jan 27 16:17:42 UTC 2009


Isn't this an Achilles heel of SSL or self-signed certs?

On 1/27/09, Peter Williams <pwilliams at rapattoni.com> wrote:
> This is the Achilles heel of OpenID.
>
> Within the openid framework, for now we could just ensure that by
> standardized AX processes, users can register a CTL of *their* trusted CAs
> at each consumer - to aid _subsequent_ recognition/discovery of the user's
> synonyms that delegate to the CTL-introducing OP. AX is a registration
> mechanism that facilitates delegation to the user's choice of source https
> domain.
>
>
> What a globally scalable OpenID trust model for https URLs needs is a
> properly-designed source tree routing/resolution protocol, something akin
> to pages 32-40 in
>
> http://www.nanog.org/mtg-9806/ppt/davemeyer/davemeyer.PPT
>
> By analogy, the "public CAs" used at OPs need to play the role of
> sparse-mode PIM "Rendezvous Points", seeking to connect "receivers" (openid
> consumers) to the many data "sources" (the many user vanity openids). In the
> course of registration, the https roots selected by the source (=USER) are
> communicated to the assertion-consumer sites, as the "url" (read multicast!)
> routing converges - linking the consumer https-realms to the user's vanity
> https-realms, on a per group basis.
>
> OpenID really does have a classical routing problem, exercised through urls
> rather than subnets.
>
>
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Brian Ellin
> Sent: Monday, January 26, 2009 9:04 PM
> To: Eddy Nigg (StartCom Ltd.)
> Cc: board at openid.net; general at openid.net
> Subject: Re: [OpenID] [OpenID board] Members Login broken
>
> Hi Eddy,
>
> RPX recently switched to using a list of standard certificate authorities
> that happened to not include StartSSL (https://www.startssl.com/), the
> issuer of your SSL certificate.  We'll be updating our CA list to
> include StartSSL shortly.
>
> Sorry for the inconvenience.
>
> Brian Ellin
> JanRain
>
>
>
> On Sun, Jan 25, 2009 at 3:10 PM, Eddy Nigg (StartCom Ltd.)
> <eddy_nigg at startcom.org> wrote:
> On 01/25/2009 04:29 AM, David Fuelling:
> Member Login is working for me at present.
>
> It did for me as well previously. :-(
>
>
>
>
> IMHO, the foundation has other things to worry about than making sure the
> website technology is working properly.  We should be paying people to do
> that for core/key technology where volunteer help is either too slow, or
> non-existent.
>
> Let's let the OpenID community members concentrate on spec-writing.
>
> Except that we discussed previously that we want a vendor neutral interface
> at the OpenID Foundation web sites.
>
>
> Regards
>
>
>
> Signer:
>
> Eddy Nigg, StartCom Ltd.<http://www.startcom.org>
>
> Jabber:
>
> startcom at startcom.org
>
> Blog:
>
> Join the Revolution!<http://blog.startcom.org>
>
> Phone:
>
> +1.213.341.0390
>
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
Chris Messina
Citizen-Participant &
  Open Web Advocate-at-Large

factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private


