D&C GLug - Home Page


Re: [LUG] OK so whats wrong with it?

 

The only issue I see is that OpenID doesn't provide "trust".

All you know is that "URI-1" is probably "URI-1" again. We do that level
of security with SSH (it warns you if the server isn't the same server
as it was before) before you pass credentials to establish trust.

You don't know if URI-1 is a spammer, so you still want to make them
answer a captcha.

Of course OpenID provides a framework in which trust can be provided. We
could decide that a provider is good enough not to need a captcha.

Inevitably one of these schemes will succeed, and it looks like OpenID
will be that scheme at the moment.

But the idea that it is a URL you control is an irrelevant detail;
ultimately, if it succeeds, your bank will provide you an OpenID that
they guarantee for £${account_balance}.

Presumably people will have several OpenID identities (I expect the
spammers already have 10,000s), as you wouldn't want to discover you
can't post to "natwestsucks.com" because they just suspended your bank
account. Although I may have misunderstood the framework. So you'll
still have multiple accounts, and multiple passwords, just fewer, and
you won't send the password to random people.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html