[OpenID] My 2 Cents to the OpenID foundation

[SitG Admin]

>I think the degree of security required must be proportional to the value of
>the information you are carrying. SHA1 is fine for basic profile data. You
>need SHA256 only for things like credit card no, social security no, bank
>account no etc etc.

I beg to differ!

It is the USER who may decide the value of their own personal 
information, and there are certainly users who will view this type of 
data as being of vital importance.

-Shade