incubator-heraldry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hallam-Baker, Phillip" <pba...@verisign.com>
Subject RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
Date Mon, 22 Jan 2007 19:24:28 GMT
On the contrary, PKI is the basis of the security infrastructure that so far has provided the
greatest defense against Internet crime - SSL.

Judged by any rational set of standards SSL has been the most successful security protocol
of all time. The costs of the PKI infrastructure are negligible compared to the value of the
commerce it supports.


There are uses of S/MIME that do provide effective security controls for the community that
applies them. But any CA that continues to advocate per-user certs in place of domain level
authentication has failled to understand their real business interests.

> -----Original Message-----
> From: James A. Donald [mailto:jamesd@echeque.com] 
> Sent: Monday, January 22, 2007 1:42 PM
> To: Ben Laurie
> Cc: Hallam-Baker, Phillip; specs@openid.net; openid-general; 
> heraldry-dev@incubator.apache.org
> Subject: Re: [OpenID] Announcing OpenID Authentication 2.0 - 
> Implementor'sDraft 11
> 
> Hallam-Baker, Phillip
>  > > > If you change the browser you might as well really  > 
> > > change the browser and use a strong authentication  > > > 
> mechanism based on PKI
> 
> Ben Laurie
>  > > I'm sure you meant to say "based on asymmetric  > > 
> cryptography".
> 
> Hallam-Baker, Phillip
>  > No, any time you have a trusted key you have an  > infrastructure.
> 
> No you do not, nor is PKI useful in solving phishing.
> 
> PKI is a solution that has been tried and has failed.
> It has become an obstacle, as commercial interests actively 
> block alternatives that do not involve a small number of 
> centralized authorities with a special privilege that enables 
> them to intrude between client and server and charge the server.
> 
> 

Mime
View raw message