<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Scott Kveton wrote:<br>
<blockquote cite="midC163FABB.E8E1%25scott@janrain.com" type="cite">
<pre wrap="">Eddy, Chris, James, Alaric: I appreciate that you have concerns with
possible security issues with OpenID. I'd _really_ appreciate some possible
solutions.
</pre>
</blockquote>
Well, I think we all tried...We provided an existing and common
solution, which could provide one/another line of defense...(BTW, most
of the other guys I don't know, so this is not a concerted spam effort
from me, but obviously there are others thinking the same). But it
seems, that the wrong guys think like I do...<br>
<blockquote cite="midC163FABB.E8E1%25scott@janrain.com" type="cite">
<pre wrap="">Let's keep the focus here on helping make OpenID the solution that solves
the single sign-on problem. That's what this list is for.
</pre>
</blockquote>
Right! One of the risks of single sign-on is perhaps the issue
itself...i.e. You need to crack it only once in order to gain access to
everywhere...That's at least my understanding so far. So I'd say better
worry now, than sorry later....<br>
<br>
But - you are right! Whoever says next time the word SSL or HTTPS gets
thrown out of the list! It's not going to be - end of story! No more
SSL, SSH, HTTPS, IMAPS, POPS....and guess anything else that starts or
ends with S too....<br>
<br>
<Smile> :-) </Smile><br>
<div class="moz-signature">-- <br>
<div><font face="Arial" size="2">Regards</font></div>
<div><font face="Arial" size="2"> </font></div>
<div><font face="Arial" size="2">Signer: Eddy Nigg, StartCom Ltd.</font></div>
<div><font face="Arial" size="2">Phone: +1.213.341.0390</font></div>
</div>
</body>
</html>