Minutes From Meeting Today

David Strauss mailinglists at fourkitchens.com
Sat Jun 24 15:34:28 UTC 2006


Recordon, David wrote:
> - Recommends SSL in certain areas

My main concern is how the current spec treats
http://getopenid.com/david and https://getopenid.com/david as different
identities. While I understand how there *could* be exceptions, I think
both should be treated the same so users can gracefully move to using
SSL identity pages. I think the lack of SSL-signed identity pages is a
major weakness in OpenID that allows spoofing to direct authentication
to a rogue server.

--
David Strauss
Four Kitchen Studios, LLC
GetOpenID.com


More information about the yadis mailing list