[OpenID] Selectively Redirecting OpenID Traffic To HTTPS

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Jan 11 18:11:26 UTC 2008


Well, I suggested that more than a year ago just to get booed down... it
really should be part of the policy.

Sean Reilly wrote:
>
> I think the point is that OpenIDs should start with https: so that 
> there is no http->https redirection needed.  If any step of the 
> process goes through a normal http exchange/redirect then there is a 
> weak link in the chain where a bad guy could take over the 
> authentication.
>
> Or maybe I'm missing something having jumped into the middle of the 
> conversation.
>
> cheers,
> sean

-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
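
The point made in the quoted message, as an added example that is not part of the original thread: a relying-party side check that reports every hop in an identifier's discovery chain that is not HTTPS. The function names and the `example.org` hosts are constructed for illustration; the scheme default and fragment stripping follow OpenID 2.0 URL normalization, and XRI identifiers and relative `Location` values are assumed not to occur.

```python
from urllib.parse import urlsplit


def normalize_identifier(user_input):
    """Simplified OpenID 2.0 URL normalization (XRIs not handled).

    An identifier typed without a scheme defaults to http://, which is
    exactly how a plaintext first hop appears without the user asking for it.
    """
    ident = user_input.strip()
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident
    return ident.split("#", 1)[0]  # the fragment is stripped


def plaintext_hops(user_input, redirects):
    """Return (index, url) for every hop that is not https.

    redirects: absolute Location URLs followed during discovery, in order.
    Index 0 is the normalized identifier itself.
    """
    chain = [normalize_identifier(user_input)] + list(redirects)
    return [(i, url) for i, url in enumerate(chain)
            if urlsplit(url).scheme != "https"]


def https_only(user_input, redirects):
    """True only when the identifier and every redirect use https."""
    return not plaintext_hops(user_input, redirects)


if __name__ == "__main__":
    # Constructed sample chains, not taken from real traffic.
    samples = [
        ("https://alice.example.org/", []),
        ("alice.example.org", ["https://alice.example.org/"]),
        ("https://alice.example.org/",
         ["http://idp.example.org/alice", "https://idp.example.org/alice"]),
    ]
    for ident, redirects in samples:
        weak = plaintext_hops(ident, redirects)
        print(ident, "->", "OK" if not weak else f"plaintext hops: {weak}")
```

The second sample is the case the thread is about: the chain ends on HTTPS, but the first request went out over plain HTTP, so the redirect itself cannot be trusted.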
 
