Thoughts on BrowserID

Hi, I just saw

As someone new to this, I found a few things confusing.

First, it would be good to compare it with OpenID. Right now, I can go
to an OpenID site (e.g., click the Firefox OpenID toolbar
icon, and be logged in. How will BrowserID improve on that?

Fetching the CA certificate for my email provider rather than sending
my personal identifier to them seems like an advantage over OpenID
(better for privacy), though it looks like this is optional in the

The page says that the system is "decentralized". Yet the example site
and the example developer code make heavy use of "". It's
hard to tell whether this is just for convenience, or whether there
really is a dependency on it. asks me for a password, which seems strange. I thought I
was logging in using my email provider? I was expecting to validate my
email address and then have a key-pair added to my browser. What is
the extra password for?

Sorry for all the questions.

7/15/2011 10:44:50 AM

3 Replies


Disclaimer: I'm not anyone official, this is just one guy's current
understanding, please correct my mistakes.

On Fri, Jul 15, 2011 at 06:40:24AM -0700, Tom Boutell wrote:
> Which, in turn, raises the question of why we should all use
> and not facebook connect.

only exists because your browser and email provider don't
support BrowserID yet. Once they do, you never need to see

The ultimate goal of this system is that your email provider (Primary
Identity Authority) will provide a public key that allows relying
parties to verify that yes, you actually own that email address you're

Since no email providers are Primary Identity Authorities yet, we need a
Secondary Identity Authority ( to fill the gap. It's a
clever way to sidestep the chicken/egg issue that this system would have



7/15/2011 8:12:57 AM
Looks like is just another site on which you have an old-school
account, with your email address as the "username" (thus the need for a
password). does traditional email address verification once, and then
in future other sites can just authenticate via which is fine as far
as it goes, except as you say we already have openid and openauth, and
the only real change here is the idea of having just one login site.
Which, in turn, raises the question of why we should all use brow= and
not facebook connect. What are the advantages of browserid.org over the
other options? Sure, it seems nonpartisan, but does it have a
sustainable business plan to cover the enormous traffic levels to be
expected=
7/15/2011 1:40:24 PM
On 15 Jul., 10:12, Brendan Taylor <> wrote:
> only exists because your browser and email provider don't
> support BrowserID yet. Once they do, you never need to see
> again.

That's what I think and how I understood it too. There is a mockup
Alex Faarborg on behalf of the Firefox User Experience Team that
shows how BrowserID could be like when it's implemented into firefox:
7/15/2011 2:30:49 PM