<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Recordon, David wrote:<br>
<blockquote
 cite="mid7E7CA24460925C44AEB4F202BA7E45F302B563@MOU1WNEXMB14.vcorp.ad.vrsn.com"
 type="cite">
  <pre wrap="">There
are however use cases where SSL is not required, running OpenID solely
on an intranet for example, </pre>
</blockquote>
Business espionage happens usually from within the internal company
network.... <br>
<blockquote
 cite="mid7E7CA24460925C44AEB4F202BA7E45F302B563@MOU1WNEXMB14.vcorp.ad.vrsn.com"
 type="cite">
  <pre wrap="">but for the majority of cases SSL is highly
recommended which I think the spec makes clear.
  </pre>
</blockquote>
Recommendations are non-binding and don't prevent from the protocol to
access also http (in fact it is advised for incomplete URI's to try
http, https and xri) <br>
<blockquote
 cite="mid7E7CA24460925C44AEB4F202BA7E45F302B563@MOU1WNEXMB14.vcorp.ad.vrsn.com"
 type="cite">
  <pre wrap="">--David</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer:      Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Phone:       +1.213.341.0390</font></div>
</div>
</body>
</html>