[Openid-specs-ab] Participation in the WebFinger list and important consensus call
Michael.Jones at microsoft.com
Thu Dec 6 00:31:20 UTC 2012
FYI, for those of you who may have wanted to follow the IETF WebFinger discussions but didn't want to join the Applications Area working group list because of its high traffic load, there's good news - WebFinger discussions have now been moved to a separate mailing list, so the traffic should be much more manageable and focused. You can join the list at https://www.ietf.org/mailman/listinfo/webfinger.
There's an important consensus call going on right now about whether to require HTTPS for WebFinger or whether to allow fallback to HTTP. If you would like OpenID Connect to eventually switch from using Simple Web Discovery (SWD) to WebFinger, it would be good for you to voice your opinion that HTTPS should be required (if indeed, that's your opinion). (If fallback to HTTP ends up being allowed, then OpenID Connect discovery would be subject to HTTP downgrade attacks in some circumstances - sometimes in combination with DNS hijacking.)
See http://www.ietf.org/mail-archive/web/webfinger/current/msg00014.html for the original message of the consensus call. The consensus call runs until Thursday, December 13th.