Dick's concern is very valid, I think. 

I do not even want to think of the consequence of losing my own 
main identity secret :-p

=nat

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt
> Sent: Sunday, June 03, 2007 8:24 PM
> To: Johannes Ernst
> Cc: OpenID specs list
> Subject: Re: Specifying identifier recycling
> 
> There is a huge difference between the OP/RP shared secret 
> and using a shared secret as an identifier.
> 
> The secret between the OP and RP has a mechanism for it to be 
> recycled. If it happens to be lost, then the pair can set up 
> a new secret.
> 
> If the user's secret is lost, then that identifier and any 
> accounts that it was used for are lost.
> 
> -- Dick
> 

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to