security
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Oct 23 20:51:18 UTC 2006
Dick Hardt wrote:
> In my example, I was logging into a blog providing only my blog URL
> that was going to be displayed publicly.
>
> Clearly if I am moving personal data that is sensitive, I would want
> SSL to be used, and just like providing data to forms today, RPs use
> SSL when the data is sensitive.
I suppose that if any exchange between the IDP - RP - Client during
authentication is performed in the open (i.e. plain text) it can be
exploited... This means that the authentication system has been
compromised and would be therefore useless. This can be user/password
pairs but also any shared secret between the parties...
>
> -- Dick
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390