[security] HTTP vs HTTPS based OpenIDs
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Dec 8 23:30:59 UTC 2009
It's often a matter of root cert distribution rather than protocol support.
On Dec 8, 2009, at 15:15, Breno de Medeiros wrote:
> I am surprised to learn that RPs do not support https URLs. Libraries
> that I have had experienced with separate the network layer and the
> protocol layer and so should work with both http and https URLs.
>
>
> On Tue, Dec 8, 2009 at 3:13 PM, Jacob Bellamy <toarms at gmail.com> wrote:
>>
>> Oops! Rogue link on the clipboard.
>>
>> Given what you've said, it seems bizarre that the majority of OPs that I
>> have seen do not give https identifiers, and that a number of relying
>> parties do not seem to support them.
>>
>> - Jacob Bellamy.
>> --
>> View this message in context: http://old.nabble.com/HTTP-vs-HTTPS-based-OpenIDs-tp26685482p26702554.html
>> Sent from the OpenID - Security mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> security mailing list
>> security at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-security
>>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> _______________________________________________
> security mailing list
> security at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-security
More information about the security
mailing list