security
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Oct 22 22:48:14 UTC 2006
Recordon, David wrote:
> There
> are however use cases where SSL is not required, running OpenID solely
> on an intranet for example,
Business espionage happens usually from within the internal company
network....
> but for the majority of cases SSL is highly
> recommended which I think the spec makes clear.
>
Recommendations are non-binding and don't prevent from the protocol to
access also http (in fact it is advised for incomplete URI's to try
http, https and xri)
> --David
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/d72fc4db/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/d72fc4db/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/d72fc4db/attachment-0002.bin>
More information about the general
mailing list