Why URL?

[Brad Fitzpatrick]

On Wed, 17 Aug 2005, Alexey Khmara wrote:

> Yes, I agree - it's important to have resource that can be used in any
> way. But now user cannot change this URL without losing identity. It
> isn't good, as for me. I think, this problen can be solved without
> losing advantages that we have with URLs. In my scheme (of cource, it's
> just example to show the principle) URL used as identity, and if you
> don't want, you don't have to deal with keys and even to know about them
>  - but if you
> need, you can change this URL, so you are not binded to particular
> provider of authentication service.
> About untrusted PGP key - with URL, we distinguish user that can be
> authorized with this URL. With PGP keys, we distinguish user that can
> decrypt message, encrypted with this key.

I agree PGP is better, and I acknowledge all problems with OpenID.

But let's have a race:  go build a popular identity system (for the web)
with PGP and tell me how it goes, and how quickly adoption happens,
especially with writing all those browser plugins, telling people why they
need to download plugins, convincing them they're not spy/adware, and
then teaching them about public key encryption, key revocation, the web of
trust, etc.

Good luck.

- Brad