[Openid-specs-ab] Do we want to remove Encryption?

Nat Sakimura sakimura at gmail.com
Thu May 27 18:37:17 UTC 2010


At IIW, we were almost removing encryption option from the spec., but
I decided to wait until I heard from the wider community.

Some feedback that I was getting was that sometimes we want to have
the payload level encryption and not rely on the pipe (SSL).
SSL sessions are sometimes terminated in the middle and to achieve the
end-to-end encryption, payload level encryption is the only way to go.

What do you think?

-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en


More information about the Openid-specs-ab mailing list