[OpenID] Trust + Security @ OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Jul 20 17:31:26 UTC 2007
Dmitry Shechtman wrote:
>
> So my question stands: what should the RP's decision in case a
> non-upgradeable http:// variant of the identifier is detected?
>
Connect only to https URLs
> I am fully aware of the DNS spoofing risks, but I am also assuming no OPs
> (in the wild, that is) currently satisfy this constraint
How about this one? https://certifi.ca/
> (i.e. either SSL
> only or TLS-upgradable identifiers).
>
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: startcom at startcom.org
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070720/aaa9ee6e/attachment-0002.htm>
More information about the general
mailing list