using the identity url to contain a key fingerprint

Imran Ghory imranghory at
Tue May 24 12:11:04 PDT 2005

On 5/24/05, Ben Hyde <bhyde at> wrote:
> Validating the id-server's keys can be kept independent of the openID
> user pages. It doesn't seem like a good idea to entangle them. The
> openID user pages are a large distributed set and once they are
> deployed they will be hard to change.

Yes, but an ID server can use an old key to sign a new key to say it is
valid. It doesn't provide perfect security but it provides most of the
advantages of other systems without causing a significant increase in
complexity of the protocol and without making any other assumptions
than the protocol already makes.
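
The rollover described in this message, as an added example that is not part of the original post or of any OpenID implementation: a client that pinned the fingerprint from an identity URL follows old-key-signs-new-key endorsements to the server's current key. The chain format and all function names are assumptions, and Lamport one-time signatures stand in for the server's real signature scheme so the code runs with the standard library alone.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def encode(pk):
    return b"".join(a + b for a, b in pk)

def fingerprint(pk):
    # Assumption: this hex digest is the value carried in the identity URL.
    return H(encode(pk)).hex()

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # One-time scheme: each private key must sign exactly one successor key.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def current_key(pinned_fp, first_pk, rollovers):
    """Return the newest key reachable from the pinned fingerprint.

    rollovers is a list of (new_pk, signature_by_previous_key), oldest first.
    Anyone holding an old private key can extend this chain, which is why
    the scheme is not perfect security.
    """
    if fingerprint(first_pk) != pinned_fp:
        raise ValueError("first key does not match the pinned fingerprint")
    key = first_pk
    for new_pk, sig in rollovers:
        if not verify(key, encode(new_pk), sig):
            raise ValueError("rollover is not signed by the previous key")
        key = new_pk
    return key

def demo():
    # Constructed sample: three generations of server keys, each signed by the last.
    (sk1, pk1), (sk2, pk2), (_, pk3) = keygen(), keygen(), keygen()
    chain = [(pk2, sign(sk1, encode(pk2))), (pk3, sign(sk2, encode(pk3)))]
    return fingerprint(pk1), pk1, chain, pk3
```
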


