[security] security
Martin Atkins
mart at degeneration.co.uk
Sat Oct 28 12:28:37 UTC 2006
Eddy Nigg (StartCom Ltd.) wrote:
>
> Today (2006), there is no reason to pretend we are in the early 80's.
> Without offending anybody, but this borders on stupidity, to implement a
> new protocol and standard without taking into account the aspects of
> most basic security requirements. I agree, that there are many different
> ways doing that, but not doing anything is negligence!
>
Eddy, I think we're just going to have to agree to disagree. I prefer
the design principle of having lots of simple, focused components that
solve only one problem. You, on the other hand, seem to favour big,
all-encompassing solutions that try to "save the world" by solving every
problem ever conceived in one fell swoop. I don't believe that the
latter approach can work in the real world, but that's just my opinion.
We're never going to come to an agreement with such a fundamental
difference in outlook, and this current debate between us is just going
around in circles.

Of course, I'm not speaking for anyone else but myself with this. My
views do not represent those of the "OpenID community". You may have more
luck persuading others, but given the "small problems, small solutions"
culture that OpenID has grown up in, I suspect you'll be facing an
uphill struggle.