[OpenID] Bug in OpenID RP implementations

Eric Norman ejnorman at doit.wisc.edu
Fri Jan 2 00:21:33 UTC 2009


On Jan 1, 2009, at 5:00 PM, Eddy Nigg (StartCom Ltd.) wrote:

>
> On 01/02/2009 12:49 AM, Eric Norman:
>> On Jan 1, 2009, at 4:28 PM, Peter Williams wrote:
>>
>>
>>> The openid 2 spec says in section 15 (a non-normative must, note):
>>>
>>> "In order to get protection from SSL, SSL must be used for all parts
>>> of the interaction, including interaction with the end user through
>>> the User-Agent."
>>>
>> When I include "https:" in my OpenID, I'm saying that I
>> want protection by SSL, right?
>>
>
>  Your OpenID is https:// then, it's not necessarily the same as http 
> and the other way around too. It has been mentioned many times 
> already.

So what?  I didn't type in "http:".

Eric Norman




