Santosh As a reminder, here are the guidelines for participating in the OpenID lists:
Civility, cordiality, and being nice. In the course of any substantive discourse, viewpoints can be expressed in a number of different ways, both productive and counter-productive. The goal of discussion on the OpenID lists need not always be to reach consensus but to enlighten or improve the understanding of several different alternatives. As such, we encourage and delight in rigorous discussion and debate, even if gets a bit heated. Ad hominem attacks or flames (that is, those directed at a person, rather than an idea) will not be tolerated and may result in a cooling off period or ban. If you think someone’s flaming you or being needlessly offensive, do take it up with them in private e-mail. If they get abusive, discuss it with the list administrators. Don’t take it onto the public list, or make a public spectacle. The email below does not comply with the guidelines. This is a personal attack on Eran and is not acceptable and an apology is warranted. Unfortunately, your account on OpenID lists will once again be moderated by myself for at least 2 months. Moderation will be lifted if you have demonstrated you are willing to consistently productively participate in discussions. -- Dick On 2010-06-07, at 11:31 PM, Santosh Rajan wrote: > Sorry to say this. Even though you think the situation is "overblown", I > think you have "really lost it", I think you have really gone "NUTS". I think > your own suggestion in an earlier post that you would like to go australia, > frankly, I thing, is a good idea and you should keep up with that promise. > > On Tue, Jun 8, 2010 at 10:47 AM, Eran Hammer-Lahav <[email protected]> > wrote: > > > > -----Original Message----- > > From: [email protected] [mailto:openid-specs- > > [email protected]] On Behalf Of John Panzer > > Sent: Monday, June 07, 2010 9:47 PM > > > (Note that exactly the same issues arise when downloading extensions. JS is > > just a way of delivering always-latest-version extensions to your browser.) > > Only in this case, the user is in full control over what extensions are being > installed and updated in its browser. > > If Google, Yahoo, Microsoft, and the rest of the companies supporting the > OpenID effort deployed the server-side half of this proposal, and spent a > little money on developing plug-ins for all the major browsers (with Google > and Microsoft able to also include it in the next release of their browser), > it will create the tipping point in getting some form of identity selector in > the browser. > > It was one thing for the OpenID community of 3 years ago to hack the protocol > around the limitations of that time. These arguments are just insincere when > they come from Google, now that you have a pretty successful browser > (especially considering its age) and massively huge web footprint to promote > such a feature. > > At the end, until you no longer use a script hosted in a single server, > whoever is in control of this server can do whatever they like. Yes, if they > do something bad it will be noticed, but that's like putting a bag full of > cash on a street corner with a video camera next to it. Add to that the > wealth of information the xauth.org site operator can gather without anyone's > knowledge, this becomes a scary proposition. > > Your entire argument is that my concerns are "overblown", but not that the > basic premise is incorrect. XAuth uses a single web server which is the most > essential part of the proposal. The fact that the data itself isn't stored on > that server (say, in a cookie sent to it) is an improvement over using > cookies to store this data, but not by much. > > If this was something like the gravatar service - maybe. But you are asking > for blind trust in something that is core to web security and privacy. > > EHL > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > > > > -- > http://hi.im/santosh > > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
