On 1 Apr 2008, at 15:22, Anthony Steele wrote: > Story Henry wrote: > > > But instead of requiring an Identity server we use >> PGP asymmetric key cryptography to identify the User Agent Owner. > > A point of order: In this context, PGP stands for "Pretty Good > Privacy". It is a particular implementation, albeit a > groundbreaking one. GPG (http://gnupg.org/ ) is another. I don't > want to be tied to an implementation when I can use standards. Yes quite right. I was thinking of any algorithm that would use public key encryption, and that would allow a public key to be safely published on the web. As with HTTPS I can imagine that a good protocol would be flexible as to which algorithm to use. Toby Inkster had a some interesting thoughts on how this could relate to https http://www.w3.org/mid/62649.81.2.120.180.1206622777.squirrel@goddamn.co.uk Henry > I see from Wikipedia (http://en.wikipedia.org/wiki/ > Pretty_Good_Privacy ) > that the relevant standard for public-key cryptography is rfc4880 (http://tools.ietf.org/html/rfc4880 > ) > > If this would be easier to implement for me over openId/OAuth > depends on the availability of libraries. I haven't had time to look > into this or the technical merits of the solution yet. > > Anthony
Received on Tuesday, 1 April 2008 13:58:44 UTC