Summarizing Where We're At
Mike Glover
mpg4 at janrain.com
Mon Oct 16 23:21:39 UTC 2006
On Mon, 16 Oct 2006 15:24:25 -0700
"Recordon, David" <drecordon at verisign.com> wrote:
>
> Change default session type
> * +1
I'm not sure what changing the default buys us. The RP still has to create a public modulus and send it in the request in order to use DH, so there's still a positive action required to use session encryption. We'd have a situation where requests would have either .session_type or .dh_consumer_public, but possibly not both. That's more confusing than what we have now.
>
> Bare request
> * 0
>
> --David
>
>
More information about the specs
mailing list