Agreed. I am not yet convinced about symetric or asymetric keys, one way or the other. Convince me if you can. And probably we might have the answer to the miillion$ questions.
On Mon, May 17, 2010 at 8:49 PM, SitG Admin <[email protected] > wrote: > The reason i am saying this is because we seem to have got ourselves stuck >> up on the idea that "Only symmetric keys will work". In spite of the fact >> that I am more or less in tune with this idea, have we "investigated the >> fact that asymmetric keys might be the solution to the Identity problem?". >> > > Nice spin there: investigated the "fact"? > > Controlled by users, doable. Are users ready for that yet? Apparently not, > though you might try asking the folks over at Diaspora. > > > I know this will ruffle some feathers around here, but don't you think we >> need to give it a serious consideration for OpenID. >> > > Out of scope for now: asymmetric crypto controlled by 3rd parties (worse > than escrow: in OpenID as currently stands, we'd be looking at the > equivalent of Trusted Computing) isn't user-centric identity. If you really > want your identity to *belong* to some 3rd party, consider how difficult it > would be to migrate to a new key based on a *shared* secret. > > -Shade > -- http://hi.im/santosh
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
