security
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Oct 26 20:35:05 UTC 2006
On Oct 26, 2006, at 10:01, Martin Atkins wrote:
> Hmm. When was it decided that a scheme-less URL should start of as
> HTTPS
> and then be tried as HTTP. I was part of the camp arguing adamantly
> against that when it was being discussed, but I don't recall a
> conclusion to the debate.
>
> This attack was one of the very reasons I was against this spec-
> mandated
> guesswork.
I don't recall that such a thing was decided.
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.tiff
Type: image/tiff
Size: 1962 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061026/c4d4aedc/attachment-0002.tiff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061026/c4d4aedc/attachment-0002.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list