Problem with nonces and HTTP GET

[Breno de Medeiros]

On Wed, Jan 27, 2010 at 16:40, Andrew Arnott <andrewarnott at gmail.com> wrote:
> Absolutely.  In fact, if part of a solution to any problem is to get all
> parties on SSL, then nonces can just go away -- am I right?

Yes, if we could assume SSL support at the RP we could do away with
nonces and use secure cookies. Nonces are a pain and just wrong for
web protocols.