[OpenID] last mile politics

SitG Admin sysadmin at shadowsinthegarden.com
Fri Jul 8 14:59:44 UTC 2011


>Just a thought.  Why not add a simple OpenID extension:
>
><link property="openid2.PublcKey" content="ABCD..." />
>
>and bring openid into the world of PKI?

Instead of bringing PKI into the world of OpenID?

Interesting thought. It would still leave an opportunity to convince 
RPs (later on) that public key cryptography (not the 
*Infrastructure*, which is centralized) should be supported as an 
alternate Claimed Identity ("support" being the validation of claims 
on it).

I think you're suggesting that, instead of asking RPs to learn how to 
support PKI, the OpenID links be used as an alternate propagation 
mechanism for keys (instead of relying on the known keyservers). 
Implicitly, this could be extended (via XRI) through other gateways, 
since the existence of alternate nameservers (each of whom claims to 
be the sole authority, and may be correct within their network) would 
still not be able to generate true namespace collisions, assuming 
each node in the chain verified the public keys were signed. (They 
still wouldn't be able to directly access CRLs and other features of 
a PKI, but here *gateways* could compete, since the key is 
effectively an absolute address across different networks.)

I like! (I also get a sense of strong overlap with technologies Peter 
has described before, though I didn't understand them well enough 
then to have a good recollection now.) Now, to give PKI vets an 
opportunity to yell at me about why this can't work ;)

-Shade

