Dick's concern is very valid, I think. 

I do not even want to think of the consequence of losing my own 
main identity secret :-p


> -----Original Message-----
> [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt
> Sent: Sunday, June 03, 2007 8:24 PM
> To: Johannes Ernst
> Cc: OpenID specs list
> Subject: Re: Specifying identifier recycling
> There is a huge difference between the OP/RP shared secret 
> and using a shared secret as an identifier.
> The secret between the OP and RP has a mechanism for it to be 
> recycled. If it happens to be lost, then the pair can set up 
> a new secret.
> If the user's secret is lost, then that identifier and any 
> accounts that it was used for are lost.
> -- Dick

specs mailing list

Reply via email to