On Mon, 16 Oct 2006 15:24:25 -0700 "Recordon, David" <[EMAIL PROTECTED]> wrote:
> > Change default session type > * +1 I'm not sure what changing the default buys us. The RP still has to create a public modulus and send it in the request in order to use DH, so there's still a positive action required to use session encryption. We'd have a situation where requests would have either .session_type or .dh_consumer_public, but possibly not both. That's more confusing than what we have now. > > Bare request > * 0 > > --David > > _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs