On 23-Oct-06, at 11:15 AM, Chris Drake wrote: > DH> compromised. No personal data is moved in the connection > between the > DH> user and the RP. > > ... except when using the Simple Registration Extension the example I presented was logging into a blog providing only my URL