[OpenID] Trust + Security @ OpenID

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Jul 20 17:31:26 UTC 2007


Dmitry Shechtman wrote:
>
> So my question stands: what should the RP's decision in case a
> non-upgradeable http:// variant of the identifier is detected?
>   
Connect only to https URLs
> I am fully aware of the DNS spoofing risks, but I am also assuming no OPs
> (in the wild, that is) currently satisfy this constraint 
How about this one? https://certifi.ca/
> (i.e. either SSL
> only or TLS-upgradable identifiers). 
>   

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      startcom at startcom.org
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070720/aaa9ee6e/attachment-0002.htm>


More information about the general mailing list