OpenID homesite authorization spoofed
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Oct 24 01:55:12 UTC 2006
James A. Donald wrote:
> Those arguing against SSL would have a point if they
> argued cost to benefit, rather than arguing we don't
> need security. If we don't need security, we don't need
> OpenID.
Absolutely... :-)
> If SSL and DNSSEC does not do it, there should be some
> way of doing it, and at substantially lower cost.
As someone else pointed out already: Serious sites are going to use SSL
even if not required by the specs and by reading
http://openid.net/pipermail/specs/2006-October/000463.html one could
almost say, that it will be a de-facto standard anyway....So why not
making it one anyway? At least it would be defined and make the spec
itself stronger...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/fae30782/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/fae30782/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/fae30782/attachment-0002.bin>
More information about the general
mailing list