[OpenID] last mile politics
Johannes Ernst
jernst+openid.net at netmesh.us
Fri Jul 8 16:16:04 UTC 2011
That one, I'd call one of the original LID ideas.
http://lid.netmesh.org/wiki/MinimumLID#Public_Key
On Jul 8, 2011, at 7:59, SitG Admin wrote:
>> Just a thought. Why not add a simple OpenID extension:
>>
>> <link property="openid2.PublcKey" content="ABCD..." />
>>
>> and bring openid into the world of PKI?
>
> Instead of bringing PKI into the world of OpenID?
>
> Interesting thought. It would still leave an opportunity to convince RPs (later on) that public key cryptography (not the *Infrastructure*, which is centralized) should be supported as an alternate Claimed Identity ("support" being the validation of claims on it).
>
> I think you're suggesting that, instead of asking RPs to learn how to support PKI, the OpenID links be used as an alternate propagation mechanism for keys (instead of relying on the known keyservers). Implicitly, this could be extended (via XRI) through other gateways, since the existence of alternate nameservers (each of whom claims to be the sole authority, and may be correct within their network) would still not be able to generate true namespace collisions, assuming each node in the chain verified the public keys were signed. (They still wouldn't be able to directly access CRLs and other features of a PKI, but here *gateways* could compete, since the key is effectively an absolute address across different networks.)
>
> I like! (I also get a sense of strong overlap with technologies Peter has described before, though I didn't understand them well enough then to have a good recollection now.) Now, to give PKI vets an opportunity to yell at me about why this can't work ;)
>
> -Shade