I would postulate that if you want to be able to prove your identity, you cannot allow your credential to be lost, interpreting "credential" to be all the information that bears onto establishing your identity. (saying it this way, it is a tautology.)
This is independent of whether anybody uses public keys, or any other technology. So I very strongly suspect that while it may be more apparent to you guys that the issue exists for public key technology, it also exists for all other approaches, whether we know them at this time or not! However, I can readily see that strong voices (that'd be you guys ;-)) are not ready to adopt any kind of public key technology into the OpenID family, never mind whether X or Y wins this particular argument. So we don't need to continue this thread. I continue to believe, however, as I have said before, that we don't have enough of an agreement on the solution to be able to standardize any of them at this time. (Personally, I don't think we have agreement on the problems to be solved either.) I'd much rather see our creative juices flowing on the much larger problem of simplifying the OpenID Auth draft in a manner that people say "this is much easier than 1.1" instead of the opposite. On Jun 3, 2007, at 23:11, =nat wrote: > Dick's concern is very valid, I think. > > I do not even want to think of the consequence of losing my own > main identity secret :-p > > =nat > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt >> Sent: Sunday, June 03, 2007 8:24 PM >> To: Johannes Ernst >> Cc: OpenID specs list >> Subject: Re: Specifying identifier recycling >> >> There is a huge difference between the OP/RP shared secret >> and using a shared secret as an identifier. >> >> The secret between the OP and RP has a mechanism for it to be >> recycled. If it happens to be lost, then the pair can set up >> a new secret. >> >> If the user's secret is lost, then that identifier and any >> accounts that it was used for are lost. >> >> -- Dick >> > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
