When data is transferred over the OpenID network AS IT STANDS AT THIS MOMENT, no encryption is required; thus all your user data could be transmitted in clear text.
This is a clear reason to steer clear of OpenID or at least put pressure on them to fix this.
Actually we just switched AWAY from MS cert services to an outsourced CA. I did this because we primarily used the MS CA for smartcard logins, and I was able to get one of the FREE online CAs to support the required configurations.
Because they have passed their WebTrust-compatible security audit, they will soon have major browser inclusion. Thus we will soon have a single cert that can be used for email encryption, IM encryption using certs using Simp (http://www.secway.com/), and SmartCard logon to the network.
Security is a big reason, but without PKCS#11 support and a Roboform plugin, I won't be switching.