[OpenID] Xrd signing with username token

Peter Williams pwilliams at rapattoni.com
Tue Jul 28 16:22:59 UTC 2009


The guts of XRI resolution is just DNS.

The guts of trusted resolution XRI is just secure DNS, walking down the public keys from parent authority to child authority's server.

But, XRI is a lot more comprehensive about CNAMEs than DNS ever was (allowed to be).

But, just like secure X.500 (1980s) and secure DNS (1990s), secure XRI walks into a wall: folks are VERY wary of relying on name servers for trust management/resolution.

I suspect we will see hybrid schemes emerge, much as LDAP + Kerberos + SRV records were combined by Microsoft in Windows 2008 Server for secure partial tree replication, secure metadata/schema distribution, secure "app domain" naming partitions and replication spaces, secure DRM etc.
________________________________________
From: SitG Admin [sysadmin at shadowsinthegarden.com]
Sent: Monday, July 27, 2009 5:01 PM
To: Peter Williams
Cc: general at openid.net
Subject: RE: [OpenID] Xrd signing with username token

>I know you were once challenged by XRI.

The guts of it are still a bit beyond me (as is, frankly, much of the
OpenID spec), but I do have a strong grasp of the theory now. The
discussion (on this list) about signatures, so far, has seemed to lie
well inside the technical territory, so I've mostly been staying away
from all that.

-Shade


