On Fri, 2006-09-29 at 23:12 -0400, seth vidal wrote:
> On Fri, 2006-09-29 at 19:47 -0700, Karsten Wade wrote:
> > On Wed, 2006-09-27 at 18:23 +0530, Rahul wrote:
> > >
> > > It's not the requirement of the CLA itself for the wiki that is a big
> > > problem but the process. If it's just a click through method I suspect
> > > we wouldn't have any complaints at all.
> >
> > The requirement we are meeting with the GPG signing is to provide a
> > higher likelihood that the new account holder is actually who they say
> > they are.
> >
> > No promises, but I bet a valid OpenID would suffice for the proof. The
> > CLA could then be just a click-through.
> >
>
> from what I've read there's no cryptographic signature of any type with
> openid.
>
> We might want to make sure that's valid for legal purposes.

I believe the OpenID 2.0 standard (now in draft) does include some signature capability from the ID provider to the target site. But Seth is right, the point of OpenID is not to prove that you are who you say you are -- it's to prove that you're the same person who a URL says you are (i.e. the owner). Unless we have a way of trusting the authentication mechanism of the ID provider, that information is not as useful as a GPG signature could be.

But on the other hand, right now we don't even require a key to be signed by a mutually trusted third party, so anyone can create an email address and a key, and fraudulently sign the CLA. So I would question that OpenID is really a lower standard than what we have now.

-- 
Paul W. Frields, RHCE                          http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
      Fedora Project Board: http://fedoraproject.org/wiki/Board
    Fedora Docs Project:  http://fedoraproject.org/wiki/DocsProject
_______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board