--
James A. Donald
nor is PKI useful in solving phishing.
PKI is a solution that has been tried and has
failed. It has become an obstacle, as commercial
interests actively block alternatives that do not
involve a small number of centralized authorities
with a special
that SSL succeeds
because of PKI, rather than in spite of it?
Hallam-Baker, Phillip
SSL achieves the original security goals set for it.
Which were defined to fit what PKI does, not what the
user needs.
The user needs proof of relationship, not proof of true
name.
--digsig
James
Hallam-Baker, Phillip
If you change the browser you might as well really
change the browser and use a strong authentication
mechanism based on PKI
Ben Laurie
I'm sure you meant to say based on asymmetric
cryptography.
Hallam-Baker, Phillip
No, any time you have a trusted key
Gabe Wachob wrote:
Actually, the language was changed from post to a
list, not subscribe to a list for this very reason.
It appears to me that your intent is, or should be, to
protect against patent trolls, who are likely to
retroactively patent the OpenID standard now that it is
being widely
So the technology is first proposed and described
on this list, on 2006 December 7, 2006. It is
incorporated into the standard and comes to be
widely used around about, say, 2007 August. On
2007 December 5, 2007, the patent troll has a
friendly individual inventor file an
