security

[Martin Atkins]

Chris Drake wrote:
> MA> not something I'd want to inflict on
> MA> all relying parties, and an unreasonable burden on early
> MA> adopters..
> 
> OpenID's a *library* - if you can't install an SSL cert, you've got
> utterly zero chance of figuring out how to install OpenID.  (Vanity
> URL owners don't *install* OpenID)
> 

Congratulations on completely ignoring my other point that some people 
are actually incapable of using SSL despite knowing full well how to 
configure it because:
  * They are using name-based virtual hosting, or
  * They have no access to reconfigure the server they are using

Both of these are very common scenarios, especially when we're talking 
about random weblogs, which make up a large chunk of the potential RP 
early adopters.