[security] HTTP and HTTPS URL issue (was RE: security)

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Oct 27 19:51:46 UTC 2006


Josh Hoyt wrote:
> On 10/27/06, Dan Lyke <danlyke at flutterby.com> wrote:
>   
>> On Fri, 27 Oct 2006 12:11:40 -0700, Eddy Nigg (StartCom Ltd.) wrote:
>>     
>>> BTW, did any of you notice that the exchange of information
>>> (assoc_handle / shared secret) between the RP and IDP is completely
>>> optional?
>>>       
>> Yes, but that's up to the Relying Party, so if the Relying Party
>> doesn't do their homework it's their own damned fault.
>>     
>
> Um, can you explain why it's harmful?
>   
Can you tell me why you implemented it in the first place?

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390