<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Peter,<br>
<br>
I think you're downplaying the significance of comments. A Yahoo user
can post an authoritative memo on a Blogger blog, in the form of a
comment, today. This is equivalent to email providers interoperating,
though with far better authentication than email. <br>
<br>
Your quoted text sounded a bit florid for us :), so I went and checked.
The actual wording of the claim is:<br>
<blockquote>You'll see the OpenID icon (<img
src="cid:part1.05070005.08010304@acm.org" alt="OpenID icon"
style="border: medium none ; padding: 0pt; display: inline;"
height="16" width="16">)
next to the names of commenters who posted with their OpenID. This icon
assures you that the person who posted the comment is the same person
blogging at the URL their name links to. <span
style="font-style: italic;">Say goodbye to comment spoofing!</span></blockquote>
In the context of blogging, comment spoofing means that I take your
blog URL and put it in as my signature, and thereby pretend to be you.
Blogger used to let commenters do this if the blog owners chose to
allow anonymous comments. Unfortunately 'anonymous' really means
'don't make them get yet another account just to leave a comment.' and
so they are often actually signed in an unverifiable way.<br>
<br>
OpenID lets us eliminate this comment spoofing, barring rogue or
compromised blog provider OPs. We do not have a whitelist but we can
if necessary blacklist compromised OPs. We don't particularly care
about something like bugmenot.<br>
<br>
John<br>
<br>
<br>
Peter Williams wrote:
<blockquote
cite="mid:18498B6C4F691545B050D6A531BA449502D78822@rapmsg02.rapnt.com"
type="cite">
<pre wrap="">The blurb is rather misleading - unless Blogger is operating an OP white list. It cliams that comment spoofing is thing of the past - which is obviously not true no matter what semantics one applies to the spin verbiage.
"Whereas HTTP Headers might have been manipulated by the evil {choose a foreign enemy nation} mafia, comment spoofing protection by Google now fights evil with the web2.0's ultimate Sword of Damacles (openid2), cleveing forever a rift between spoofed and non-spoofed blog comments."
Im being harsh. Adoption is always king - and adoption of authenticated comments by the major blog portals should be highly commended. But, lets not get carried away. The main act is yet to play: can a yahoo-user login to his Blogger site via openid, to post an authoritative memo (and vice versa).
________________________________
From: Dick Hardt [<a class="moz-txt-link-freetext" href="mailto:dick@sxip.com">mailto:dick@sxip.com</a>]
Sent: Tue 2/5/2008 6:29 PM
To: Peter Williams
Cc: Martin Atkins; <a class="moz-txt-link-abbreviated" href="mailto:general@openid.net">general@openid.net</a>
Subject: Re: [OpenID] Yahoo issue
On 5-Feb-08, at 5:28 PM, Peter Williams wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Url to the google endpoint pls?
</pre>
</blockquote>
<pre wrap=""><!---->
used for comments on blogger -- been supported for a while
you can learn about here:
<a class="moz-txt-link-freetext" href="http://buzz.blogger.com/2007/12/openid-commenting.html">http://buzz.blogger.com/2007/12/openid-commenting.html</a>
more info at:
<a class="moz-txt-link-freetext" href="http://www.google.com/search?q=google+openid+blogger">http://www.google.com/search?q=google+openid+blogger</a>
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@openid.net">general@openid.net</a>
<a class="moz-txt-link-freetext" href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a>
</pre>
</blockquote>
<br>
</body>
</html>