<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Josh Hoyt wrote:
<blockquote
cite="mid:34714aad0709281116m4539c26eqf2842c31ad562e@mail.gmail.com"
type="cite">
<pre wrap="">On 9/28/07, Eddy Nigg (StartCom Ltd.) <a class="moz-txt-link-rfc2396E" href="mailto:eddy_nigg@startcom.org"><eddy_nigg@startcom.org></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> Josh, I think per concept, the RP doesn't have to implement SSL (https). Obviously
it would be preferred perhaps, but not a requirement. Much different the ID provider
should be the one with SSL support and redirect to its own <a class="moz-txt-link-freetext" href="https://user.provider">https://user.provider</a>
</pre>
</blockquote>
<pre wrap=""><!---->
I meant the ability to *make* HTTPS requests (e.g. with libcurl). The
relying party certainly needs to do this if the transaction is to take
place over HTTPS.
</pre>
</blockquote>
Thanks for your clarification. I'd except most (any) hosting provider
who supports PHP to have the "standard" modules available.
Libcurl/OpenSSL one of them...but one never knows ;-) It would
certainly be hurdle for the ones in such a situation.<br>
<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>