[OpenID] Reconsidering http://openid different from https://openid
Jonathan Daugherty
cygnus at janrain.com
Thu Sep 20 23:17:58 UTC 2007
# > I believe that HTTP is permitted only because some webserver
# > software might not have the requisite libraries.
#
# I think it's because HTTP is easy and cheap, and HTTPS is hard(er)
# to setup, and more resource-intensive (on IP addresses, CPU, $$$).
And because in practice the number of servers that lack SSL support is
far more than "some." There are many RPs in the wild that simply
cannot consume HTTPS identifiers.
--
Jonathan Daugherty
JanRain, Inc.
irc.freenode.net: cygnus in #openid
cygnus.myopenid.com
More information about the general
mailing list