The reason i am saying this is because we seem to have got ourselves stuck up on the idea that "Only symmetric keys will work". In spite of the fact that I am more or less in tune with this idea, have we "investigated the fact that asymmetric keys might be the solution to the Identity problem?".
Nice spin there: investigated the "fact"?
Controlled by users, doable. Are users ready for that yet? Apparently not, though you might try asking the folks over at Diaspora.
I know this will ruffle some feathers around here, but don't you think we need to give it a serious consideration for OpenID.
Out of scope for now: asymmetric crypto controlled by 3rd parties (worse than escrow: in OpenID as currently stands, we'd be looking at the equivalent of Trusted Computing) isn't user-centric identity. If you really want your identity to *belong* to some 3rd party, consider how difficult it would be to migrate to a new key based on a *shared* secret.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
