HTTPS status
McGovern, James F (HTSC, IT)
James.McGovern at thehartford.com
Thu Mar 1 18:20:01 UTC 2007
May I argue that a secure end-to-end encrypted channel does not always equal SSL? I know that PKI is pervasive, but wouldn't want to rule out the potential of using identity-based encryption (IBE)...
Date: Wed, 28 Feb 2007 20:23:46 -0600
From: "Alaric Dailey" <alaricdailey at hotmail.com>
Subject: RE: HTTPS status
To: <specs at openid.net>
Message-ID: <BAY109-DAV63A14227A19952C915E79C7800 at phx.gbl>
Content-Type: text/plain; charset="us-ascii"
That wording is better than I remember, but really with free certificates
being readily available, and the obvious need for prtecting users data, WHY
oh WHY is there even support for an unencrypted channel? Heck even Jabber
is being moved to a completely secure end to end encrypted channel. With
this being created brand new, why start insecure?
I realize I am repeating the same thing I started a few months ago, but with
MS and AOL supporting OpenID, it means a lot more users will be exposed to
it, making it even more important to do it right from the beginning.
Why is there such reluctance?
*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information. If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited. If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************
More information about the specs
mailing list