Agreed. I am not yet convinced about symetric or asymetric keys, one way or the other. Convince me if you can. And probably we might have the answer to the miillion$ questions.<br><br><div class="gmail_quote">On Mon, May 17, 2010 at 8:49 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The reason i am saying this is because we seem to have got ourselves stuck up on the idea that "Only symmetric keys will work". In spite of the fact that I am more or less in tune with this idea, have we "investigated the fact that asymmetric keys might be the solution to the Identity problem?".<br>
</blockquote>
<br></div>
Nice spin there: investigated the "fact"?<br>
<br>
Controlled by users, doable. Are users ready for that yet? Apparently not, though you might try asking the folks over at Diaspora.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I know this will ruffle some feathers around here, but don't you think we need to give it a serious consideration for OpenID.<br>
</blockquote>
<br></div>
Out of scope for now: asymmetric crypto controlled by 3rd parties (worse than escrow: in OpenID as currently stands, we'd be looking at the equivalent of Trusted Computing) isn't user-centric identity. If you really want your identity to *belong* to some 3rd party, consider how difficult it would be to migrate to a new key based on a *shared* secret.<br>
<br>
-Shade<br>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>