[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] trust profiles for XRD
Ben Laurie wrote: > On Thu, Dec 18, 2008 at 4:44 PM, Sakimura Nat <n-sakimura@nri.co.jp> wrote: > >> Indeed, and one of the most obvious way to mitigate the problem is to rely on a trusted registry that makes sure that it does not get reassigned to another party. Then the problem is reduced to whether you believe the operation and longevity of that registry. >> >> For example, Alice may at one time claim that alice.name belongs to her and she intents to use it as an abstract identifier for her. >> Then, she could obtain a cert from, say, a reputed CA called Verising. However, she cannot get it for http://alice.name/. Instead, she has to create a fragment portion as well, so that the abstract identifier would look like http://alice.name/#20081216 . >> Verising issues a certificate for this abstract identifer. >> >> At a later date, Alice looses alice.name. Bob gets it. >> To impersonate her accounts, he tries to get a cert from Verising for http://alice.name/#20081216. >> Verisign then checks if Bob is the same person as Alice, and finds out he is not. >> Then, Verising would not issue the cert. It would for something like http://alice.name/#20110303 but not http://alice.name/#20081216 . >> > > So, in other words, we solve the identity problem by getting somebody > else to solve the identity problem. > > I don't find this idea very attractive. > > If users really want identifiers that last forever, then they can buy > them from a domain that promises to stay around forever (for example, > for £500 I could get a domain in .uk for the next 100 years). I don't > see why we'd want to construct the spec so that the _only_ way to get > an identifier is through a similarly expensive process. > > By all means, though, point out that if you lose your domain, then you > lose your identifier. > And that's what we know as OpenID recycle problem and ID loss problem. I was suggesting one solution to that. It might be costly, but I could not come up with any better idea. If you have another solution, please let me know. I am very interested.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]