On Apr 4, 2007, at 6:13 PM, Douglas Otis wrote:

> This may seem to be off topic, but I really don't see reluctance in
> using public key cryptography. DKIM would be one such example.
> Nearly every gateway and access point can utilize this means of
> authentication. Think of this as yet another means to control an
> account without relying upon OpenID. OpenID opens the door, where
> you then hand them your public key.
>
> One might also wish to specifically define attributes containing
> public keys used by the identity. This would be information uploaded
> by the individual after creating their id_rsa.pub key information
> using either system tools or specialized applications. This would
> provide an alternative access method that would not rely upon OpenID
> exchanges. Here again, an expiry might prove handy, and so would a
> means to revoke the key. Perhaps this would be done by overlaying
> it. There could be keys used to authorize some other automated
> service, or to act as a replacement for OpenID once the key has been
> established. One might be defined for email, IM, VoIP, etc.
It's not the public key management in a scheme like this that concerns me... Two issues:

Private key management: are the keys scattered, like your VoIP key lives in Gizmo, and your SSH key lives in your .ssh, and so on? Or do we by logical extension begin to impose some order here and have one key pair per person... you see where this goes, right?

Secondly, X.509 certificates are very, very broken in terms of delegation semantics and certification semantics (at least in many people's eyes, mine included). So... SPKI? (Yes, I've been over this territory... and that's pretty much what I'm doing here.)

Vinay

--
Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system
Gizmo Project VoIP: 775-743-1851 (usually works!)
Cell: Iceland (+354) 869-4605
http://howtolivewiki.com/hexayurt - old
http://appropedia.org/Hexayurt_Project - new
Skype/Gizmo/Gtalk: hexayurt
I have a proof which unfortunately this signature is too short

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
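The key-attribute scheme Douglas sketches above (labelled public keys uploaded to an identity, each with an expiry and a way to revoke it, used for challenge-response access that does not go through an OpenID exchange), worked through as an added example that is not part of this thread or of any OpenID specification. The type names, the error values, the challenge message format and the sample identity and dates are this example's own assumptions; it uses Ed25519 rather than the RSA keys in id_rsa.pub only because Go's standard library ships it without extra parsing. It also goes one step beyond the quoted text by binding the nonce to the identity and the relying party, so a signature obtained by one service cannot be replayed at another.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// KeyAttribute is one public key an identity has uploaded, with the expiry
// and revocation state the thread asks for. Field names are this example's own.
type KeyAttribute struct {
	Label   string // what the key is for: "ssh", "email", "voip", ...
	Public  ed25519.PublicKey
	Expires time.Time
	Revoked bool
}

// Identity holds the key attributes of one OpenID identity.
type Identity struct {
	ID   string
	Keys []KeyAttribute
}

var (
	ErrUnknownKey = errors.New("no key attribute with that label")
	ErrExpired    = errors.New("key attribute has expired")
	ErrRevoked    = errors.New("key attribute has been revoked")
	ErrBadSig     = errors.New("signature does not verify")
)

// Register uploads a public key as a labelled attribute with an expiry.
func (id *Identity) Register(label string, pub ed25519.PublicKey, expires time.Time) {
	id.Keys = append(id.Keys, KeyAttribute{Label: label, Public: pub, Expires: expires})
}

// Revoke marks every attribute with the label as revoked. The entry is kept
// rather than deleted so a revoked key is remembered as revoked.
func (id *Identity) Revoke(label string) {
	for i := range id.Keys {
		if id.Keys[i].Label == label {
			id.Keys[i].Revoked = true
		}
	}
}

// NewChallenge issues a fresh random nonce that the relying party remembers.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// ChallengeMessage binds the nonce to the identity and the relying party, so
// a signature handed to one service cannot be replayed at another.
func ChallengeMessage(identity, relyingParty string, nonce []byte) []byte {
	return append([]byte("keyauth-v1\x00"+identity+"\x00"+relyingParty+"\x00"), nonce...)
}

// Authenticate checks sig over msg against the attribute with the given label,
// refusing revoked and expired keys before it looks at the signature at all.
func (id *Identity) Authenticate(label string, msg, sig []byte, now time.Time) error {
	for _, k := range id.Keys {
		if k.Label != label {
			continue
		}
		if k.Revoked {
			return ErrRevoked
		}
		if !now.Before(k.Expires) {
			return ErrExpired
		}
		if !ed25519.Verify(k.Public, msg, sig) {
			return ErrBadSig
		}
		return nil
	}
	return ErrUnknownKey
}

// Scenario walks one constructed identity through the good path, a signature
// from the wrong key, use after expiry, and use after revocation, in that order.
func Scenario() [4]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Date(2007, time.April, 4, 18, 13, 0, 0, time.UTC) // constructed
	id := &Identity{ID: "https://example.org/alice"}             // constructed
	id.Register("ssh", pub, now.Add(30*24*time.Hour))

	nonce, _ := NewChallenge()
	msg := ChallengeMessage(id.ID, "https://rp.example", nonce) // constructed RP
	var out [4]error
	out[0] = id.Authenticate("ssh", msg, ed25519.Sign(priv, msg), now)
	out[1] = id.Authenticate("ssh", msg, ed25519.Sign(otherPriv, msg), now)
	out[2] = id.Authenticate("ssh", msg, ed25519.Sign(priv, msg), now.Add(31*24*time.Hour))
	id.Revoke("ssh")
	out[3] = id.Authenticate("ssh", msg, ed25519.Sign(priv, msg), now)
	return out
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("step %d: %v\n", i, err)
	}
}
```

The order of checks in Authenticate is deliberate: revocation and expiry are decided from the stored attribute before any signature verification, so a relying party never does public-key work for a key the identity has already withdrawn, and a revoked label stays revoked even if the same key material is uploaded again under it.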