[OpenID] XRD signing and a new kind of Claimed Identifier

Peter Williams pwilliams at rapattoni.com
Sun Jun 7 02:40:49 UTC 2009


Recall what John said: signed XRD, where the issuer is an https URL, and authenticity of the XRD verification key is a function of the local eval of the https endpoint's cert chain, CRL, KRL, OCSP status, etc.

So a seq of signed XRD files, with public key names, is but a continuation of the 509 cert chain (now free of the controls that prevent EEs from certifying public keys and acting as CA servers).

-----Original Message-----
From: SitG Admin <sysadmin at shadowsinthegarden.com>
Sent: Saturday, June 06, 2009 6:17 PM
To: George Fletcher <gffletch at aol.com>; Andrew Arnott <andrewarnott at gmail.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] XRD signing and a new kind of Claimed Identifier


>The initial privacy question that comes to mind with this is whether
>the public key will become its own globally correlatable identifier.

I missed that . . . *sigh*. Cross-signing of other XRD files, at the
risk of becoming completely impenetrable to normal users?

=[PublicKey#1]*[PublicKey#2]*[PublicKey#3]

-Shade
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general


