I would postulate that if you want to be able to prove your identity,  
you cannot allow your credential to be lost, interpreting  
"credential" to be all the information that bears onto establishing  
your identity. (saying it this way, it is a tautology.)

This is independent of whether anybody uses public keys, or any other  
technology. So I very strongly suspect that while it may be more  
apparent to you guys that the issue exists for public key technology,  
it also exists for all other approaches, whether we know them at this  
time or not!

However, I can readily see that strong voices (that'd be you  
guys ;-)) are not ready to adopt any kind of public key technology  
into the OpenID family, never mind whether X or Y wins this  
particular argument. So we don't need to continue this thread.

I continue to believe, however, as I have said before, that we don't  
have enough of an agreement on the solution to be able to standardize  
any of them at this time. (Personally, I don't think we have  
agreement on the problems to be solved either.) I'd much rather see  
our creative juices flowing on the much larger problem of simplifying  
the OpenID Auth draft in a manner that people say "this is much  
easier than 1.1" instead of the opposite.

On Jun 3, 2007, at 23:11, =nat wrote:

> Dick's concern is very valid, I think.
> I do not even want to think of the consequence of losing my own
> main identity secret :-p
> =nat
>> -----Original Message-----
>> [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt
>> Sent: Sunday, June 03, 2007 8:24 PM
>> To: Johannes Ernst
>> Cc: OpenID specs list
>> Subject: Re: Specifying identifier recycling
>> There is a huge difference between the OP/RP shared secret
>> and using a shared secret as an identifier.
>> The secret between the OP and RP has a mechanism for it to be
>> recycled. If it happens to be lost, then the pair can set up
>> a new secret.
>> If the user's secret is lost, then that identifier and any
>> accounts that it was used for are lost.
>> -- Dick
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs

specs mailing list

Reply via email to