[prev in list] [next in list] [prev in thread] [next in thread]
List: openid-specs
Subject: HTTPS status
From: alaricdailey () hotmail ! com (Alaric Dailey)
Date: 2007-03-02 1:43:06
Message-ID: BAY109-DAV5A9BDD3E9AE85382A7D3BC7870 () phx ! gbl
[Download RAW message or body]
You could certainly argue it, I have no objection, SSL seems the obvious
choice for several reasons
1. Cheap (now free from Several Cas)
2. Well Supported (the code I looked at was running over HTTP so it would be
a VERY minor change to do https)
3. Identity validation is done by the CA.
Are a few off the top of my head. However... I am not hung up on it, what I
see as ABSOLUTELY Necessary is protecting the users data in transit with
encryption.
> -----Original Message-----
> From: specs-bounces at openid.net
> [mailto:specs-bounces at openid.net] On Behalf Of McGovern,
> James F (HTSC, IT)
> Sent: Thursday, March 01, 2007 12:20 PM
> To: specs at openid.net
> Subject: RE: HTTPS status
>
> May I argue that a secure end-to-end encrypted channel does
> not always equal SSL? I know that PKI is pervasive, but
> wouldn't want to rule out the potential of using
> identity-based encryption (IBE)...
>
> Date: Wed, 28 Feb 2007 20:23:46 -0600
> From: "Alaric Dailey" <alaricdailey at hotmail.com>
> Subject: RE: HTTPS status
> To: <specs at openid.net>
> Message-ID: <BAY109-DAV63A14227A19952C915E79C7800 at phx.gbl>
> Content-Type: text/plain; charset="us-ascii"
>
> That wording is better than I remember, but really with free
> certificates being readily available, and the obvious need
> for prtecting users data, WHY oh WHY is there even support
> for an unencrypted channel? Heck even Jabber is being moved
> to a completely secure end to end encrypted channel. With
> this being created brand new, why start insecure?
>
> I realize I am repeating the same thing I started a few
> months ago, but with MS and AOL supporting OpenID, it means a
> lot more users will be exposed to it, making it even more
> important to do it right from the beginning.
>
> Why is there such reluctance?
>
>
>
> **************************************************************
> ***********
> This communication, including attachments, is for the
> exclusive use of addressee and may contain proprietary,
> confidential and/or privileged information. If you are not
> the intended recipient, any use, copying, disclosure,
> dissemination or distribution is strictly prohibited. If you
> are not the intended recipient, please notify the sender
> immediately by return e-mail, delete this communication and
> destroy all copies.
> **************************************************************
> ***********
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic