I thought that, too, but couldn't find a good reference. Do you have
a reference handy that explains this?
On Oct 16, 2006, at 10:35, Grant Monroe wrote:
On 10/14/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
Also note that URL parameters are not secured by TLS in HTTPS.
-- Dick
URL parameters are sent with the path in the GET line of the HTTP
request after the TLS handshake, so URL parameters ARE secured.
--
Grant Monroe
JanRain, Inc.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs