[OpenID] [OpenID board] Members Login broken
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Jan 26 17:50:28 UTC 2009
On 01/26/2009 06:18 PM, Peter Williams:
> I'll hazard a guess he used one from his own firm: http://www.startcom.org
>
https://eddyn.startssl.com/
> Be interesting to discover if a "trust issue" is what underlies the sudden inability to interwork.
>
Well, if that's the case it really sucks if once every while we have to
complain to get all commonly used and known CAs to work.
> More generally, users of vanity URL may encounter this "suddent cessation of inteworking issue" quite often, given the nature of the consumer-initiated discovery process used by openid. There, the RP may reject the SSL cert of the vanity site, assuming as per good practice it follows up and check if the CA has issued a revocation notice. This revocation will stop discovery, and probably manifest to the user as "RP cannot use OP/openid", even though probably the certs at the delegates OPs are fine.
>
Right. However I guess that most don't perform revocation checking,
specially on the Apache platform.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090126/55af7b9f/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090126/55af7b9f/attachment-0002.bin>
More information about the general
mailing list