Recordon, David <[EMAIL PROTECTED]> schrieb/wrote: > +1, any OP worth its code will use HTTPS when working with passwords or user > data.
That does not help if a rouge RP sends the user elsewhere and the MITM provides a valid SSL certificate for his "lookalike" domain name. Claus _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
