This was, of course, the original LID design, and you are presenting the rationale for it.
See http://lid.netmesh.org/

On Apr 4, 2007, at 20:59, Chris Drake wrote:

> Thursday, April 5, 2007, 5:43:02 AM, you wrote:
>
> [snip]
>
> DO> How these keys are handled internally could be left to the
> DO> consumer or RP.
>
> [snip]
>
> This sounds like another *strong* use-case for updating the OpenID
> protocol to allow transactions to take place when the user is not
> present.
>
> I am not likely to be present when people relying upon my certificates
> choose to verify signatures, check for revocation, or attempt to
> encrypt stuff destined for me.
>
> There needs to be a way for the RP to contact my OP and get access to
> my information (e.g. my current public key and revocation list) - by my
> explicit prior consent of course.
>
> I believe it's entirely unreasonable, and privacy-invasive, and
> identity-theft-dangering, to expect every RP out there to have to
> cache a copy of all my credentials, and for me or my OP to have to
> propagate any changes/updates/additions etc. out to them all. Keeping
> all my info in one place solves this - only if the RPs can get what
> they want, *when* they want, which can't be done without
> server-to-server means.
>
> Chris.
>
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs