[OpenID] RPs accepting https:// identifiers
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Aug 11 21:42:58 UTC 2008
>The obvious issue is that -- to my knowledge --
><https://openid.sun.com/user>https://openid.sun.com/user !=
><http://openid.sun.com/user>http://openid.sun.com/user.
What if, for some crazy reason, a site actually *wants* to make
https://site.com/user a different page than http://site.com/user? For
instance, I could make a "Profile" page available via HTTP that
doesn't include any information I don't want to be captured in
transit - and then have *another* version of the same page, over
HTTPS, *with* that information.
Still the same user, though.
-Shade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080811/fc477a40/attachment-0002.htm>
More information about the general
mailing list