That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.
There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.
An error occurred while saving the commentMatthew Stephen Hartmann commented
i believe SSL should be required to be OpenID compatible. why risk sending ANY information through the cloud in plain text? i typically keep away from any site that doesn't offer SSL encrypted connections. just my thoughts, though.