On 16/05/13 16:42, Russ Allbery wrote:
> In essence, [WebID]
> moves the authentication problem from user authentication to
> URI endpoint authentication, under the theory that we already know how to
> validate URI endpoints and that such validation is an easier problem.
... or to look at it another way: it moves the authentication problem to
URI endpoint authentication, because while we don't have a great
solution for that either, it's a problem we need a solution for anyway
in order to have secure websites, email, etc.?
(Also, it does mean users in a shared domain don't have to interact with
CAs individually.)
Hopefully some combination of the CA cartel, DNSSEC/DANE, Sovereign Keys
and/or Convergence will end up as a close enough approximation to a
solution in a finite time...
S
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5195024e.4090...@debian.org
