[OpenID] Another Anti-Phishing Scheme for OpenID
Aswath Rao
aswathr at hotmail.com
Sat Feb 3 19:42:36 UTC 2007
Thanks for the pointer. I had seen the tem used in the brainstorm article in
the wiki, but I never tracked it down.
Regards
Aswath
----Original Message Follows----
From: "Bob Wyman" <bob at wyman.us>
To: "Aswath Rao" <aswathr at hotmail.com>
CC: general at openid.net
Subject: Re: [OpenID] Another Anti-Phishing Scheme for OpenID
Date: Sat, 3 Feb 2007 12:17:58 -0500
On 2/3/07, Aswath Rao <aswathr at hotmail.com> wrote:> I have a proposal for a
login ceremony that could drastically reduce
>phishing attacks. I would appreciate feedback from you.
>http://www.mocaedu.com/mt/archives/000287.html
What you describe is an "in-chrome" solution -- i.e. one that involves a
modification to the browser in the form of either a plug-in or built-in
code. This class of solutions is, I think, the correct path to take. Most of
the other approaches that have been proposed can be described as
"work-arounds" to the fact that such in-chrome solutions are not deployed.
Folk tend to avoid specifying in-chrome solutions since they are all too
well aware that as the number of suppliers of browsers has been reduced, the
amount of browser innovation has been seriously reduced. Certainly, the
proponents of these often ugly work-arounds have a point, however, I think
we should bite the bullet and accept that in-chrome solutions are
technically the best and also those that offer the best potential for good
user experiences. Instead of seeking more work-arounds, we should be
focusing on the political problem of figuring out how do we get the browser
developers to deliver the tools we require to provide a safe browsing
experience.
bob wyman
More information about the general
mailing list