[OpenID] D-H vs SSL
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Mar 19 01:37:02 UTC 2009
On 03/19/2009 02:28 AM, Martin Atkins:
>>
>
> I think the proposal here is that:
>
> * If the OP endpoint is using SSL, the RP MUST use the cleartext
> session method and no other.
I would suggest here that the RP MAY use clear text. Otherwise it would
break most implementations and backward compatibility even to v2.0.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090319/426d780c/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090319/426d780c/attachment-0002.bin>
More information about the general
mailing list