[OpenID] rfc2817: https vs http
Story Henry
henry.story at bblfish.net
Wed Aug 27 19:58:15 UTC 2008
Apparently rfc2817 allows an http url tp be used for https security.
Given that Apache seems to have that implemented [1] and that the
openid url is mostly used for server to server communication, would
this be a way out of the http/https problem?
I know that none of the browsers support it, but I suppose that if the
client does not support this protocol, the server can redirect to the
https url? This seems like it could be easier to implement that XRI .
Disclaimer: I don't know much about rfc2817
Henry
[1] http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg00251.html
http://www.ietf.org/rfc/rfc2817.txt
Home page: http://bblfish.net/
More information about the general
mailing list