[OpenID] Backwards Compatibility

Breno de Medeiros breno at google.com
Tue Mar 17 23:55:13 UTC 2009 

On Tue, Mar 17, 2009 at 4:07 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:

>  >>I'd like to remove the requirement for SSL enabled OPs to support DH.
> Are there any OPs that don't support HTTPS?
> >
> >Of course.  But perhaps the useful question could phrased "are there any
> OPs that don't support HTTPS that people would cry about not working any
> more?"
>
> Definitely! Individuals running their own OP's who don't care about
> security (because they only use it for leaving comments, and other low-value
> purposes), but *do* care about privacy (not giving *any* third party
> information about their OpenID activity on the web), and can't afford to use
> website hosts that provide SSL.
>

1. They have no privacy against their hosting provider.

2. Do they need confidential keys? Isn't DNS security sufficient for the
protection of blog comments?


>
> (Note that "can't afford to use" doesn't just mean "free as in beer", here;
> if the providers require registration information that the user, for privacy
> reasons, will not divulge, they cannot afford to use that provider's
> services. It's simple logic, albeit of the sort that seems to flee users'
> minds whenever faced with an SLA for software.)
>
> Perhaps the use of SSL could be added into the minimum assurance levels
> area of the spec, so that users who insist on using OpenID but refuse to use
> a SSL-enabled OP will simply be unable to achieve any level of assurance
> beyond the very lowest? Sufficient for comment spam and the like, so OpenID
> still has *some* use to end-users.
>
> -Shade
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090317/e5691873/attachment-0002.htm>

More information about the general mailing list