--
James A. Donald
nor is PKI useful in solving phishing.
PKI is a solution that has been tried and has
failed. It has become an obstacle, as commercial
interests actively block alternatives that do not
involve a small number of centralized authorities
with a special
--
Ka-Ping Yee [mailto:[EMAIL PROTECTED]
In practice SSL is primarily used to establish an
encrypted channel between endpoints, not to establish
reliable reciprocal identification. Given that almost
no users pay any attention to certificates, what
reason do we have to believe that
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie
More importantly, I think I have a solution that will make
both of us happy, but I now have to go and ride my motorbike
fast, so I'll detail it later.
Now there is an exit line to tempt the Gods.
The only way that I can see that you are
On 1/22/07, Hallam-Baker, Phillip [EMAIL PROTECTED] wrote:
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie
More importantly, I think I have a solution that will make
both of us happy, but I now have to go and ride my motorbike
fast, so I'll detail it later.
Now there is an exit line
On 1/22/07, Hallam-Baker, Phillip [EMAIL PROTECTED] wrote:
From: Ben Laurie [mailto:[EMAIL PROTECTED]
The only way that I can see that you are going to
circumvent an attempt using existing browser capabilities is
to introduce a malicious login page is through use of some
form of
Hallam-Baker, Phillip
If you change the browser you might as well really
change the browser and use a strong authentication
mechanism based on PKI
Ben Laurie
I'm sure you meant to say based on asymmetric
cryptography.
Hallam-Baker, Phillip
No, any time you have a trusted key
; heraldry-dev@incubator.apache.org
Subject: Re: [OpenID] Announcing OpenID Authentication 2.0 -
Implementor'sDraft 11
On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
On the contrary, PKI is the basis of the security
infrastructure that
so far has provided the greatest defense against
On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
On the contrary, PKI is the basis of the security infrastructure
that so far has provided the greatest defense against Internet crime - SSL.
Judged by any rational set of standards SSL has been the most
successful security protocol of all