On May 30, 2007, at 21:02, Johnny Bufu wrote:
...The bottom line is that it can't be done easily - a mechanism similar to XRI's canonical ID verification would have to be employed, to confirm that the i- number actually 'belongs' to the URL on which discovery was initiated. (Otherwise anyone could put any i-number in their URL- based XRDS files.)
Public keys ... public keys ... with the added benefit that no centralized or trusted verification service needs to be employed whatsoever ...
Johannes Ernst NetMesh Inc.
_______________________________________________ specs mailing list email@example.com http://openid.net/mailman/listinfo/specs