[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Fri Jan 12 17:56:51 UTC 2007


> I don't like having to put the burden on the users to install client-side
> software.  Also, there is the possibility (although remote) that a user
> could be phished to install a extension that does "bad things" as well.
> And what is there to stop other extensions you install for one thing from
> doing "bad things" with your identity?

Ditto.

> I'm really hoping that the Firefox 3.0 release will integrate OpenID in 
> such a way to alleviate a lot of these risks:
>
> http://radar.oreilly.com/archives/2007/01/firefox_30_requ.html

I really hate to say it in this forum, but we (myself included) often forget
that the world isn't spinning around OpenID.

Why should an OpenID provider be a special case? Just assign it a petname,
and you're done. I'm not sure whether Petnames are expected to be part of FF
3.0, but they certainly seem to do the trick.


Regards,
Dmitry
=damnian




More information about the general mailing list