<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 03/19/2009 02:28 AM, Martin Atkins:<br>
<blockquote cite="mid:49C1919A.2010303@degeneration.co.uk" type="cite">
<br>
I think the proposal here is that:
<br>
<br>
* If the OP endpoint is using SSL, the RP MUST use the cleartext
session method and no other.
<br>
</blockquote>
<br>
I would suggest here that the RP MAY use clear text. Otherwise it would
break most implementations and backward compatibility even to v2.0.<br>
<br>
<br>
<div class="moz-signature">
<table cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>