[OpenID] Reconsidering http://openid different from https://openid

Josh Hoyt josh at janrain.com
Fri Sep 28 18:16:09 UTC 2007


On 9/28/07, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
> Josh, I think per concept, the RP doesn't have to implement SSL (https). Obviously
> it would be preferred perhaps, but not a requirement. Much different: the ID provider
> should be the one with SSL support and redirect to its own https://user.provider

I meant the ability to *make* HTTPS requests (e.g. with libcurl). The
relying party certainly needs to do this if the transaction is to take
place over HTTPS.

Josh


