[OpenID] Fwd: OpenID Spoofing
David Nicol
davidnicol at gmail.com
Fri Jan 12 23:15:58 UTC 2007
if their bank suddenly deals in openID identities (instead of e-mail
addresses or
tipjar nicknames or whatever) yes... although saying "it's the IdP's
problem" and
moving on should work. shared-secret OTP key fobs are all the rage now AIUI
On 1/12/07, Dmitry Shechtman <damnian at gmail.com> wrote:
> I'm not trying to say there is problem here, but isn't it way out of our
> scope? If nobody (well, almost nobody) can be sure it's really their bank
> they're signing into, should they be concerned about their IdP?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070112/e345db3d/attachment-0002.htm>
More information about the general
mailing list