security
Martin Atkins
mart at degeneration.co.uk
Mon Oct 23 07:06:38 UTC 2006
Alaric Dailey wrote:
>
> Finally, if LiveJournal doesn't want to use SSL, especially with low-cost
> and free SSL certs available, I have to wonder, why? What is reason? Too
> cheap to buy cheap certs, lack of interest in their users privacy? Maybe
> they only see their support of OpenID as a good PR move and only want to put
> minimal effort into it.
>
I can't speak for LiveJournal as far as their reasons for not allowing
SSL on the OpenID IdP, but LiveJournal *does* have an SSL cert and a
secured site where user signups/payments are accepted. If pushed, I
can't imagine it'd be incredibly difficult to run the OpenID IdP on the
SSL server instead of the cleartext one.
More information about the general
mailing list