[OpenID] External authentication 2.0
drecordon at verisign.com
Sun Jan 14 22:13:33 UTC 2007
OpenID is susceptible to MITM attacks if not correctly using SSL as
discussed throughout the spec.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Dmitry Shechtman
Sent: Saturday, January 13, 2007 1:36 AM
To: 'Paul Madsen'
Subject: [OpenID] External authentication 2.0
1. Isn't OpenID susceptible to MITM between OP and RP?
2. Is XMPP sufficiently secure? Will requesting the user to simply reply
with '1' (rather than follow a link) do?
general mailing list
general at openid.net
More information about the general