<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Well, I suggested that more than a year ago just to get booed down...it
really should be part of the policy<br>
<br>
Sean Reilly wrote:
<blockquote
 cite="mid:C9454D12-953F-4B72-AF12-03B1B7F1BC30@cnri.reston.va.us"
 type="cite"><br>
I think the point is that OpenIDs should start with https: so that
there is no http-&gt;https redirection needed.  If any step of the
process goes through a normal http exchange/redirect then there is a
weak link in the chain where a bad guy could take over the
authentication.
  <br>
  <br>
Or maybe I'm missing something having jumped into the middle of the
conversation.
  <br>
  <br>
cheers,
  <br>
sean
  <br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
  <tbody>
    <tr>
      <td colspan="2">Regards </td>
    </tr>
    <tr>
      <td colspan="2"> </td>
    </tr>
    <tr>
      <td>Signer: </td>
      <td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
    </tr>
    <tr>
      <td>Jabber: </td>
      <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
    </tr>
    <tr>
      <td>Blog: </td>
      <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
    </tr>
    <tr>
      <td>Phone: </td>
      <td>+1.213.341.0390</td>
    </tr>
    <tr>
      <td colspan="2"> </td>
    </tr>
  </tbody>
</table>
</div>
</body>
</html>