Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread John Bradley
the https: version for realm so that RP discovery cant be spoofed via DNS. Regards John B. On 13-May-09, at 2:10 AM, specs-requ...@openid.net wrote: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread Luke Shepard
Subject: Should we recommend that return_to url is always HTTPS? What about realm? To: OpenID Specs Mailing List specs@openid.net Message-ID: c62fb26e.bce7%lshep...@facebook.com mailto:c62fb26e.bce7%25lshep...@facebook.com Content-Type: multipart/related; boundary

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread John Bradley
: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS? What about realm? To: OpenID Specs Mailing List specs@openid.net Message-ID: c62fb26e.bce7%lshep...@facebook.com mailto:c62fb26e.bce7%25lshep

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread Luke Shepard
the https: version for realm so that RP discovery cant be spoofed via DNS. Regards John B. On 13-May-09, at 2:10 AM, specs-requ...@openid.net wrote: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread George Fletcher
: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS? What about realm? To: OpenID Specs Mailing List specs@openid.net Message-ID: c62fb26e.bce7

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread Breno de Medeiros
be to always use   the https: version for realm so that RP discovery cant be spoofed via DNS. Regards John B. On 13-May-09, at 2:10 AM, specs-requ...@openid.net wrote:   Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread John Bradley
. Regards John B. On 13-May-09, at 2:10 AM, specs-requ...@openid.net wrote: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS? What about

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread George Fletcher
From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS? What about realm? To: OpenID Specs Mailing List specs@openid.net Message-ID: c62fb26e.bce7%lshep...@facebook.com mailto:c62fb26e.bce7

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-13 Thread Dirk Balfanz
that RP discovery cant be spoofed via DNS. Regards John B. On 13-May-09, at 2:10 AM, specs-requ...@openid.net wrote: Date: Tue, 12 May 2009 23:10:38 -0700 From: Luke Shepard lshep...@facebook.com Subject: Should we recommend that return_to url is always HTTPS? What about realm? To: OpenID