[security] [OpenID] Trust + Security @ OpenID

Eric Norman ejnorman at doit.wisc.edu
Fri Jul 20 23:30:11 UTC 2007


On Jul 20, 2007, at 8:30 AM, Johnathan Nightingale wrote:

> As Dmitry observes, the protection it offers is useless if there are 
> http (i.e. non-SSL/TLS) links in the chain.

True enough.  But there's more.  Many will argue that such
protection is also useless unless the correct trust anchors
(some folks call them "root" certificates) are deployed at
the correct places.  This is far easier to say than accomplish.

Eric Norman
http://ejnorman.blogspot.com



