using the identity url to contain a key fingerprint
imranghory at gmail.com
Tue May 24 12:11:04 PDT 2005
On 5/24/05, Ben Hyde <bhyde at pobox.com> wrote:
> Validating the id-server's keys can be kept independent of the openID
> user pages.
> It doesn't seem like a good idea to entangle them. The openID user
> pages are a large
> distributed set and once they are deployed they will be hard to change.
Yes but an ID server can use an old key to sign a new key to say it is
valid. It doesn't provide perfect security but it provides most of the
advantages of other systems without causing a signicant increase in
complexity of the protocol and without making any other assumptions
than the protocol already makes.
More information about the yadis