[security] [PROPOSAL] Adding More Color Around SSL Use
Pete Rowley
prowley at redhat.com
Thu Oct 26 21:50:39 UTC 2006
+1
Recordon, David wrote:
> I'm planning to check in the following patch to the authentication spec
> later today unless anyone has STRONG objections. It says that SSL is
> not REQUIRED, though comes as close to saying that it is that I think we
> can. Josh, Mart, and I believe this is a good middle position to take
> on the matter. We certainly believe any reputable IdP will correctly
> use SSL, though there are cases (such as using OpenID Authentication
> fully within your own trusted network) where it is not required.
>
> --David
>
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/60527847/attachment-0002.bin>
More information about the security
mailing list