Eddy Nigg (StartCom Ltd.) wrote: > ...SSL should give sufficient protection against sniffing and to a > certain extend for MITM attacks... Eddy, Should OpenID disallow SSL 3.0 and enforce TLS 1.0 to remove the possibility of a null encryption cipher set up between RP and IDP? If so, how? -Hans