On Wed, Jan 27, 2010 at 16:40, Andrew Arnott <[email protected]> wrote: > Absolutely. In fact, if part of a solution to any problem is to get all > parties on SSL, then nonces can just go away -- am I right?
Yes, if we could assume SSL support at the RP we could do away with nonces and use secure cookies. Nonces are a pain and just wrong for web protocols. _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
