<HTML><HEAD></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV id=idOWAReplyText99996 dir=ltr>
<DIV dir=ltr><FONT color=#000000>Eddy. it was a pleasure using your site. Someone has gone to a lot of trouble to make a highly commendable service.</FONT></DIV></DIV>
<DIV dir=ltr><BR> </DIV>
<DIV dir=ltr>you say: "Lets hear how it goes..."</DIV>
<DIV>
<BLOCKQUOTE type="cite">
<DIV id=idOWAReplyText61839 dir=ltr>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I have been unable to use the openid <A href="https://pwilliams.startssl.com/" target=_blank>https://pwilliams.startssl.com/</A> at plaxo. Im *guessing* from their user error message that they cannot(or will not) resolve your OP's https root cert. They are, I'm **guessing** applying white listing rules on OPs, based on PKI browser root cert conventions - inherited from MSFT (reasonably fair audit-based practice, slightly biased towards larger companies) or Mozilla (pay $$ for entry or "know a programmer").</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I eventually (probably) enrolled with an SSL client cert, but it was difficult. I tried harder than the average consumer will. My SCM smartcard reader connected to Vista SP1 with an IBM javacard inserted did blink, whilst enrolling at your site with IE7 and probably completed SSL client cert 1024 bit RSA keygen. What that blinking means... I do not know. The enrollment process was not seemless, due to IE7 popup and trust issues. I tried harder than the average consumer would, to work around these issues.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>10 years ago Id have personally been exstatic with your site. When we published our Adison-Wesley book way back then on how to use the NT4 SP1 MSFT cert server, it was with the aim of promoting folks like you to do exactly what you are doing. Not everyone at VeriSign *m employer at the time) was exactly exstatic at the prospect of such as you entering their market</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Your site has made clear efforts to get around some of the barriers to entry into the market that I helped V***** create, to deter effective competiton (American style) . Id judge you to have failed, as designed. As it stands, the average site/user focussing on unamaned consumer workstations will choose to pay V**** rather than work around the road blocks. Whilst it was my specific intention to deny folks entry to market for cert issuing to the public for reasons of crypto politics, it was NOT my intention to prevent delivery of value-added services like openid. I apologize.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>The comment about - please change to firefox rather than use IE (when using smartcards) was a turn off. Rapattoni's site is tuned up for IE (possibly too much :-( )</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>On our own consumer, tell me what to do to make <A href="http://rapattoni.trustbearer.com/consumer/try_auth.php?action=verify&openid_identifier=https%3A%2F%2Fpwilliams.startssl.com" target=_blank>http://rapattoni.trustbearer.com/consumer/try_auth.php?action=verify&openid_identifier=https%3A%2F%2Fpwilliams.startssl.com</A>+ work, and I will make any reasonable efforts to interoperate. The folks at trustbearer are more than supportive of each and every open source community making best efforts to move the state of the art forward.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>First adoption. Then interoperability. Then quality. Then compliance. This is the way of the web.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Peter</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr> </DIV></DIV></BLOCKQUOTE></DIV></BODY></HTML>