You're right of course, Martin. However, there is something that <a href="http://myopenid.com">myopenid.com</a> could implement today that would resolve the problem over time:<br><ol><li>All new user accounts automatically get the new behavior of redirecting to HTTPS. Nothing breaks here.</li>
<li>All existing user accounts get an option in their account preferences to switch on the new redirect behavior.</li></ol>This is what all OPs could do, and the sooner they do it, the more users will fall into #1, which is the easiest scenario for the common end user.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Thu, Jan 1, 2009 at 5:40 PM, Martin Atkins <span dir="ltr"><<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Andrew Arnott wrote:<br>
><br>
> Ideally, <a href="http://myopenid.com" target="_blank">myopenid.com</a> and all other OPs would redirect identity page<br>
> requests that come in on HTTP to HTTPS so that all claimed identifiers and<br>
> authentication would occur over HTTPS to provide higher security to users.<br>
><br>
<br>
</div>Of course, as we currently stand existing providers such as MyOpenID<br>
cannot do this because that would effectively change the OpenID<br>
identifiers for all of their users that had not explicitly typed teh<br>
https: prefix into the RP.<br>
<br>
OpenID really needs a way to migrate from one identifier to another<br>
without breaking the connection to existing accounts.<br>
<div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>