Per Ekström wertigon at gmail.com
Thu Jan 31 14:59:30 UTC 2008

Hi. I'm quite new to this whole OpenID thing, though I do find the idea in
itself to be wonderful. Since every little blog and photo gallery nowadays
seems to require subscriptions, I've more or less given up on the password

Anyhow, forgive me if it has been covered before, but I tried searching the
web for three hours and couldn't find an answer, so I thought I should ask
here for a concise explanation.

My first question is regarding the phishing attacks that are mentioned on
Wikipedia [1] - are they still valid, or is it just FUD that has been
floating around since an old version of the standard?

And second - While I know Man-In-The-Middle between user and OpenID-provider
is quite easy to stave off, what about OpenID-provider and the website I'm
trying to log in to? Whenever man-in-the-middle discussion about this
appears, it's always in the form of User-to-OpenID-Provider, not the other
way around.

If someone could take the time to explain this to me (or point me in the
direction of an FAQ), so I could convince my boss to allow OpenID logins,
I'd be very grateful. ^^

Oh, and is there some sort of community icon for OpenID I could use, to show
that our website does indeed support OpenID?

Per Ekström

[1] http://en.wikipedia.org/wiki/OpenID
