[Openid-specs-ab] Do we want to remove Encryption?

Nat Sakimura sakimura at gmail.com
Thu May 27 18:37:17 UTC 2010

At IIW, we were almost removing encryption option from the spec., but
I decided to wait until I heard from the wider community.

Some feedback that I was getting was that sometimes we want to have
the payload level encryption and not rely on the pipe (SSL).
SSL sessions are sometimes terminated in the middle and to achieve the
end-to-end encryption, payload level encryption is the only way to go.

What do you think?

Nat Sakimura (=nat)

More information about the Openid-specs-ab mailing list