[OpenID] One-Click OpenID: A Solution to the NASCAR Problem
Francisco Corella
fcorella at pomcor.com
Thu Feb 16 20:33:20 UTC 2012
Shade,
> > 3 things are different - and not just the same old war horse
> arguments, repeated over and over and over again. There are
> different types of certs, and IDPs can issue them too (for
> "management/discovery purposes").
>
> Modern browsers have solved the "common CA pool" problem? IDPs can
> sign these different cert types (below them in that special type's own
> hierarchy) without necessarily being granted the authority to sign ANY
> cert, say of the common SSL type?

Any site can issue a self-signed certificate (or a certificate that's
not signed at all), if the certificate is intended to only be
presented to the very same site that issued it.

Btw the relying party could issue a self-signed certificate that it
would verify itself. That's a good alternative to what I'm proposing.
But what I'm proposing is simpler for the relying party, which doesn't
have to deal with certificates at all.

Francisco