Let's look at the complete SRV record:
_openid._tcp IN SRV 0 0 8080 openid.example.com.
We have a machine name, but what is the URL to the endpoint for logging in?
What is the user's OpenID URI?
I think Phillip is proposing a discovery chain - more opportunities
for other parties to step in (at their layer) and take control, more
points of failure if vulnerabilities are discovered in each protocol
- and to be fair, DNS is *already* such a layer. OpenID relies on it.
-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
