[OpenID] Fwd: [OpenID Foundation] New Poll Opened

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sat Mar 21 08:03:04 UTC 2009 

On 03/21/2009 01:27 AM, Martin Atkins:
>
> The original OpenID was designed to operate without SSL at all, with 
> parties establishing associations on the fly with no verification, and 
> it remains that way today on LiveJournal.com. Some folks wanted the 
> benefits that SSL brings, and that's fine... no-one's forcing you to 
> use SSL right now. I fought SSL being a requirement for OpenID 2.0 and 
> I will continue to fight it as I believe it should be up to each party 
> to decide whether it needs the benefits SSL provides.
>
>

Yes, and with it you made the spec 2.0 less useful IMO. It's the opinion 
of a few which dominated and effectively blocked an obvious improvement 
to the spec, specially when compared to the amount of data to protect. 
Do we care about the few self-served OPs which refuse to even take the 
word "SSL" into their mouth or about the millions of users data to be 
protected by the many?

Clearly the major OPs decided already that they need the security and 
protection SSL offers. Why should we send SREG and other data around in 
plain text? For which benefit exactly? Why does OpenID has to align with 
a handful of anti-PKI proponents serving a handful of users, instead of 
creating a strong specification useful for the vast majority serving 
millions of user authentications and data?

I'm all for open, freedom and transparency, but it should stop when 
those benefits present a unneeded risk!

Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090321/798f42d1/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090321/798f42d1/attachment-0002.bin>

More information about the general mailing list