Identity Based Encryption
One of the things that is on my radar is the move towards identity-based encryption (http://crypto.stanford.edu/ibe/). I am curious if anyone hear has explored how it can work with OpenID? Hopefully we aren't assuming PKI only? Has anyone invited the folks from Stanford and/or Voltage to participate? If not, I will. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Identity Based Encryption
Hi James, There has been some discussion, though normally around DTP http://openid.net/specs/openid-service-key-discovery-1_0-01.html, http://openid.net/specs/openid-dtp-messages-1_0-03.html, http://openid.net/pipermail/specs/2007-January/001104.html. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James McGovern Sent: Saturday, January 06, 2007 3:43 AM To: specs@openid.net Subject: Identity Based Encryption Sensitivity: Confidential One of the things that is on my radar is the move towards identity-based encryption (http://crypto.stanford.edu/ibe/). I am curious if anyone hear has explored how it can work with OpenID? Hopefully we aren't assuming PKI only? Has anyone invited the folks from Stanford and/or Voltage to participate? If not, I will. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Question on Conferences and the Marketing of OpenID
I learned of OpenID because I ran across it while blogging. Otherwise, in context of my day job working for a Fortune 100 enterprise whose primary business model isn't technology otherwise would have never heard of it. While this list is to discuss specifications, this begs the question of should we create specifications around how to get the word out better to all of my industry peers. Noticed that folks from Verisign were key players in the creation of this spec, yet it is not prominently mentioned on their web site. If you know to search for it, it still only returns two results. What do we need to do to get Verisign and the other large guys (small guys are covered) to show a little more respect towards OpenID in terms of their own web site? I ran across The : Authentication and Online Trust Alliance and their upcoming conference (http://www.aotalliance.org/summit2007/) and noted that no one is talking about stuff in our space. Does anyone have a list of all planned 2007 conferences where OpenID should be discussed? Also curious if anyone has been pushing the industry analyst crowd to provide coverage? If not, I will need lots of folks to start submitting inquiries to Gartner, Forrester and the Burton Group to get them to pay attention. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: OpenID.net Service Type Namespaces
I think it is a fallacy to embed too much meaning into a namespace URL. Encoding into a URL info like main, sub, and draft versions, plus add extension names and versions, and similar will soon end up with an ever-growing problem of trying to match compatible namespaces in the future. Hans ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Canonical list of overly general domains?
Daniel E. Renfer wrote: While I haven't been able to find a good list of domains that meet this requirement, what does everybody think of the idea that if you can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk any thoughts? The DNS lookup is interesting, but I feel a relying party should white-list the sites it accepts and only accept those. Any other mechanical trust relationships (such as generic blacklists) are likely to be worth next to nothing, so the RP might as well ignore checking for return address being in the trust root's set. Hans ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Canonical list of overly general domains?
On 1/6/07, Daniel E. Renfer [EMAIL PROTECTED] wrote: can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk You mean a lack of an A record implies that it's overly general? I think that would have both false positives and false negatives. For example, googlepages.com is probably too general, but certainly has an A record. AGL -- Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org 650-283-9641 ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Canonical list of overly general domains?
What about somebody take a stab at it (on the wiki, perhaps) and let others shoot at it? On Jan 8, 2007, at 14:34, Adam Langley wrote: On 1/6/07, Daniel E. Renfer [EMAIL PROTECTED] wrote: can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk You mean a lack of an A record implies that it's overly general? I think that would have both false positives and false negatives. For example, googlepages.com is probably too general, but certainly has an A record. AGL -- Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org 650-283-9641 ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs Johannes Ernst NetMesh Inc. http://netmesh.info/jernst ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs