No subject


Fri Aug 15 23:49:43 UTC 2008




<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoPlainText>Not a lot of early replies, were there? Folks need to understand that clever representations are now being made in their name as unnamed designers (that are formally 100% correct, as are a good politician's claims, until contested by analysis), that essentially message that openid is simply not adoptable for controlling any substantive business risk. The claim bases its truthfulness on a reference to a lack of security features and (this is the killer) its designers' intent in that regard.</p>

<p class=MsoPlainText>I'll write down my beliefs about certain people whom we can count amongst the founding group. Never met personally means my beliefs are drawn from general email tone, public or private. Material in [] is neither fact checked nor a formal quote attributed to the person.</p>

<p class=MsoPlainText style='margin-left:.5in'>Johannes (never met personally) - LID was supposed to do CCA login. [The contribution of LID to openid carried forward the CCA use case.]</p>

<p class=MsoPlainText style='margin-left:.5in'>Dick (never met, personally) - it's nuts to actually use openid2 for websso/cca. It's not good enough for that [in design/operational culture].</p>

<p class=MsoPlainText style='margin-left:.5in'>David: openid is mostly about blogging and perhaps traditional wiki groupware login, as reflected in 10-20 new &quot;openid adoptions&quot; each day [because someone deploys an &quot;openid-capable&quot; software suite, like a blog suite] and 15,000 documented adoptions of myopenid's outsourcing service supporting those blog suite deployments.</p>

<p class=MsoPlainText>I've also done de-briefs of most of the original VeriSign PIP team, since meeting David in person. This was also quite revealing about the design and review cycle, and relations with the SAML component of VeriSign, since they spoke quite openly (as none continue to work for VeriSign).</p>

<p class=MsoPlainText>I've forgotten the person's name, but someone from the UK crowd (probably) expressed the basic mission of UCI/OpenID eloquently, once: use any OP you like without fear, because you the consumer will soon move away from it when you find that folks' refusal to accept it makes it essentially useless. Such indirect, negative feedback against poor quality OPs by RPs through inconveniencing the user is apparently the basis of the assurance model, and will [would] ideally translate into the authenticated comments allowing openid to serve as a web-wide basis for addressing blogspam, once such reputation management principles are applied similarly to users.</p>

<p class=MsoPlainText>If OpenID is to be used in concert with ws-trust protocols, or OAUTH, the perception (being essentially concertedly messaged by Liberty Alliance folk) may persist that &quot;mere association with openid&quot; brings down the consorting protocol to the low-assurance level inherent in the very trademark &quot;OpenID&quot;. That is, merge cardspace with openid, and you just get openid-grade cardspace.</p>

<p class=MsoPlainText>-----Original Message-----<br>
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Peter Williams<br>
Sent: Wednesday, September 17, 2008 2:30 PM<br>
To: Paul Madsen<br>
Cc: general at openid.net<br>
Subject: Re: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>I'm more interested in the designers' view of the intent.</p>

<p class=MsoPlainText>First, were they designing for cca?</p>

<p class=MsoPlainText>Did they have expectations that only certain types of cca were envisaged, to only certain types of app (eg classical wiki behaviour)?</p>

<p class=MsoPlainText>________________________________</p>

<p class=MsoPlainText>From: Paul Madsen &lt;paulmadsen at rogers.com&gt;<br>
Sent: Wednesday, September 17, 2008 1:30 PM<br>
To: Peter Williams &lt;pwilliams at rapattoni.com&gt;<br>
Cc: general at openid.net &lt;general at openid.net&gt;<br>
Subject: Re: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>Peter, I'm not going to make blanket statements about the applicability of OpenID (or any authentication technology) to particular classes of use cases. OMB/NIST got there first.</p>

<p class=MsoPlainText>I will claim as a principle that the level of assurance engendered by proofing, registration, and authentication, etc should be commensurate with that provided by the assertion protocol. And that applies to SAML Web SSO profile, WS-Fed, Infocards, etc</p>

<p class=MsoPlainText>regards</p>

<p class=MsoPlainText>paul</p>

<p class=MsoPlainText>--</p>

<p class=MsoPlainText>Paul Madsen &nbsp;&nbsp; e:paulmadsen @ ntt-at.com<br>
NTT &nbsp;&nbsp; p:613-482-0432<br>
m:613-302-1428<br>
aim:PaulMdsn5<br>
web:connectid.blogspot.com</p>

<p class=MsoPlainText>----- Original Message ----<br>
From: Peter Williams &lt;pwilliams at rapattoni.com&gt;<br>
To: Paul Madsen &lt;paulmadsen at rogers.com&gt;; Peter &lt;peterw at tux.org&gt;<br>
Cc: &quot;general at openid.net&quot; &lt;general at openid.net&gt;<br>
Sent: Wednesday, September 17, 2008 4:06:15 PM<br>
Subject: RE: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>So...we have the creationists on the list.</p>

<p class=MsoPlainText>I gave a long list of cca applications. Was cca a use case that the design addressed?</p>

<p class=MsoPlainText>When one uses openid to logon to the concordia mediawiki, was this use part of the concept?</p>

<p class=MsoPlainText>Is there anything inappropriate about using openid2 for mediawiki logon?</p>

<p class=MsoPlainText>Should openid (of any quality, and user auth strength) never be used on a wiki doing access controlled business activities (eg one of the business groupware wikis provided by the pbwiki firm)?</p>

<p class=MsoPlainText>________________________________</p>

<p class=MsoPlainText>From: Paul Madsen &lt;paulmadsen at rogers.com&gt;<br>
Sent: Wednesday, September 17, 2008 12:56 PM<br>
To: Peter Williams &lt;pwilliams at rapattoni.com&gt;; Peter &lt;peterw at tux.org&gt;<br>
Cc: general at openid.net &lt;general at openid.net&gt;<br>
Subject: Re: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>every creation story I've ever seen for OpenID has emphasized blog commenting.</p>

<p class=MsoPlainText>Wrt HealthVault, Microsoft themselves seem somewhat ambivalent - appearing to place the burden of security review (of both OpenID and OPs) on users</p>

<p class=MsoPlainText>https://account.healthvault.com/help.aspx?topicid=faq#OpenIDProviders</p>

<p class=MsoPlainText>paul</p>

<p class=MsoPlainText>--</p>

<p class=MsoPlainText>Paul Madsen &nbsp;&nbsp; e:paulmadsen @ ntt-at.com<br>
NTT &nbsp;&nbsp; p:613-482-0432<br>
m:613-302-1428<br>
aim:PaulMdsn5<br>
web:connectid.blogspot.com</p>

<p class=MsoPlainText>----- Original Message ----<br>
From: Peter Williams &lt;pwilliams at rapattoni.com&gt;<br>
To: Paul Madsen &lt;paulmadsen at rogers.com&gt;; Peter &lt;peterw at tux.org&gt;<br>
Cc: &quot;general at openid.net&quot; &lt;general at openid.net&gt;<br>
Sent: Wednesday, September 17, 2008 3:27:59 PM<br>
Subject: RE: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>Out of interest, what were the use cases?</p>

<p class=MsoPlainText>I've forgotten the name of the cissp who wrote the openid book, but I recall his take: cca (cross company authentication) and blog commenting.</p>

<p class=MsoPlainText>For cca, one has myopenid as the gold standard (in outsourcing the op side of cca) and then there is/was plaxo as the gold standard consumer (since you account link several openids to the local userid). For blogging, I'd pose google/blogger as the standard reference of using openid to get authentication of comments, and yahoo as the classical reference on how to be an op in the world of mega portals.</p>

<p class=MsoPlainText>In the web2.0 world, we then had magnolia (notable for having no localids) and claimid (notable for tagging documents you want to assert authorship of).</p>

<p class=MsoPlainText>In the (paradoxical) higher assurance space (that liberty folk essentially question if it even should really exist) we have the microsoft health vault service maintaining your sensitive health record confidentiality, accepting openids from (only) trustbearer (who require strong user auth using dod cac smartcard, usfed piv card, or other javacard/globalplatform smartcard with decent rsa crypto strength (and fips 140-1 and cc assurance, ideally, on the soc in the chip and the id/keymanagement applets/firmware)</p>

<p class=MsoPlainText>________________________________</p>

<p class=MsoPlainText>From: Paul Madsen &lt;paulmadsen at rogers.com&gt;<br>
Sent: Wednesday, September 17, 2008 11:42 AM<br>
To: Peter &lt;peterw at tux.org&gt;; Peter Williams &lt;pwilliams at rapattoni.com&gt;<br>
Cc: general at openid.net &lt;general at openid.net&gt;<br>
Subject: Re: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>This comparison is not specific to security, but does address it</p>

<p class=MsoPlainText>http://identitymeme.org/doc/draft-hodges-saml-openid-compare-06.html</p>

<p class=MsoPlainText>paul</p>

<p class=MsoPlainText>p.s. I am a SAML/Liberty participant. I would not argue that OpenID provides 'no' assurance - rather that it can provide a level of assurance appropriate to the use cases that drove its development. I know of no SAML advocate that would claim more than this correspondence for SAML.</p>

<p class=MsoPlainText>--</p>

<p class=MsoPlainText>Paul Madsen &nbsp;&nbsp; e:paulmadsen @ ntt-at.com<br>
NTT &nbsp;&nbsp; p:613-482-0432<br>
m:613-302-1428<br>
aim:PaulMdsn5<br>
web:connectid.blogspot.com</p>

<p class=MsoPlainText>----- Original Message ----<br>
From: Peter &lt;peterw at tux.org&gt;<br>
To: Peter Williams &lt;pwilliams at rapattoni.com&gt;<br>
Cc: &quot;general at openid.net&quot; &lt;general at openid.net&gt;<br>
Sent: Wednesday, September 17, 2008 2:19:46 PM<br>
Subject: [OpenID] OpenID architecture critiques? Re: Too many providers...</p>

<p class=MsoPlainText>Peter Williams &lt;pwilliams at rapattoni.com&gt; wrote:</p>

<p class=MsoPlainText>&gt; Folks in the liberty alliance message (openly and convincingly)<br>
&gt; that openid cannot ever - inherently - be used for any purpose<br>
&gt; requiring &quot;assurance&quot;. They point to the undisputed claim that<br>
&gt; the open designers knowingly made design tradeoffs in the crypto<br>
&gt; handshake and security critical security service composition rules,<br>
&gt; so as to make it all easy to deploy and adopt. Because of this<br>
&gt; precept, openid cannot even *be* fixed (since low assurance is the<br>
&gt; actual goal).</p>

<p class=MsoPlainText>As someone who's moving towards integrating OpenID (RP and OP) into his employer's web apps, I would very much appreciate URLs to such critiques.</p>

<p class=MsoPlainText>From what I see, the most glaring problem is that some &quot;major sites&quot; that act as OPs (Flickr, AOL, etc.) still do not have https:// identity URLs, so RPs cannot leverage cheap, ubiquitous SSL/TLS PKI to help thwart the more obvious DNS and MITM/phishing attacks.</p>

<p class=MsoPlainText>BTW, whoever maintains http://openid.net/get/ should probably change the Yahoo information to &quot;https://me.yahoo.com/&quot; since that works and, unlike http://openid.yahoo.com/, uses SSL/TLS.</p>

<p class=MsoPlainText>Thanks,</p>

<p class=MsoPlainText>Peter</p>

<p class=MsoPlainText>_______________________________________________<br>
general mailing list<br>
general at openid.net<br>
http://openid.net/mailman/listinfo/general</p>


</div>

</body>

</html>

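The complaint in Peter's message at the bottom of the thread (major OPs issue http:// identity URLs, so an RP gets no TLS protection for discovery) and Peter Williams' remark that HealthVault accepts identifiers from only one OP both come down to checks an RP can make on the claimed identifier and the discovered OP endpoint before it trusts either. The Python below is an added example for this archive page, not code from the thread, from the OpenID specification authors or from any of the posters. It passes the OP endpoint in as though discovery had already run, so it does no network I/O; the endpoint URLs and the allow-listed host in it are constructed placeholders, not real OP endpoints.

```python
# Added example (not code from the thread, the OpenID spec authors or any
# poster): two RP-side checks on a claimed identifier before discovery.
# Endpoint URLs and the allow-listed host are constructed placeholders.
from urllib.parse import urlsplit, urlunsplit

# XRI global context symbols: an identifier starting with one is an XRI.
XRI_GLOBAL_CONTEXT_SYMBOLS = "=@+$!"


def normalize_identifier(user_input: str) -> str:
    """Normalise a user-typed identifier per OpenID Authentication 2.0,
    section 7.2: strip an "xri://" prefix, return XRIs untouched, otherwise
    prefix "http://" when no scheme was given, drop any fragment, and apply
    RFC 3986 scheme/host case and empty-path normalisation."""
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident and ident[0] in XRI_GLOBAL_CONTEXT_SYMBOLS:
        return ident
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident  # the spec default is the plaintext scheme
    parts = urlsplit(ident)
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def check_identifier(user_input: str, op_endpoint: str,
                     allowed_op_hosts: frozenset = frozenset()) -> tuple:
    """Apply RP policy to a claimed identifier and to the OP endpoint that
    discovery returned for it. Returns (accepted, normalized_id, reasons);
    an empty allow-list disables the allow-list check."""
    claimed = normalize_identifier(user_input)
    reasons = []
    if claimed[0] in XRI_GLOBAL_CONTEXT_SYMBOLS:
        reasons.append("XRI identifier: TLS protection depends on the XRI "
                       "resolver, not on the identifier")
    elif urlsplit(claimed).scheme != "https":
        reasons.append("claimed identifier is not https://; discovery of the "
                       "OP endpoint is exposed to DNS spoofing and MITM")
    endpoint = urlsplit(op_endpoint)
    if endpoint.scheme != "https":
        reasons.append("OP endpoint is not https://; the assertion round trip "
                       "is in the clear")
    host = (endpoint.hostname or "").lower()
    if allowed_op_hosts and host not in allowed_op_hosts:
        reasons.append(f"OP host {host!r} is not on the RP's allow-list")
    return (not reasons, claimed, reasons)


if __name__ == "__main__":
    # Constructed inputs; op.example.net / op.example.org are placeholders.
    strict_rp = frozenset({"op.example.net"})
    cases = [
        ("https://me.yahoo.com/", "https://op.example.net/auth"),
        ("openid.yahoo.com", "https://op.example.net/auth"),
        ("http://flickr.example/someone", "http://op.example.org/auth"),
        ("xri://=someone", "https://op.example.net/auth"),
    ]
    for typed, endpoint in cases:
        accepted, claimed, reasons = check_identifier(typed, endpoint, strict_rp)
        print(f"{typed!r} -> {claimed!r}: {'accept' if accepted else 'reject'}")
        for reason in reasons:
            print("    -", reason)
```

Run as a script it prints a verdict for each constructed input. The point worth taking from `normalize_identifier` is that the specification itself supplies the plaintext scheme when a user types a bare hostname, so an RP that wants TLS-protected discovery has to either insist on an https:// identifier or rewrite the scheme and re-run discovery, and then separately confirm that the OP endpoint it discovered is https as well.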


More information about the general mailing list