[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Gabe Wachob gabe.wachob at amsoft.net
Fri Jan 19 18:43:02 UTC 2007


Regarding anti-phishing & IE - isn't that one of the main design goals of
Cardspace? 

Scenario: Login to your OP with Cardspace and not worry about phishing?

My only point here is that I think the IE people probably think they *have*
a solution, which may or may not be appealing to people here.  

	-Gabe

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Scott Kveton
> Sent: Friday, January 19, 2007 10:02 AM
> To: Ben Laurie
> Cc: openid-general
> Subject: Re: [OpenID] OpenID and phishing (was Announcing
> OpenIDAuthentication 2.0 - Implementor's Draft 11)
> 
> >> do you have any
> >> suggestions on how to combat phishing for OpenID's?
> >
> > a) Push browser authors to add unphishable auth!
> 
> This is starting to happen (with Mozilla anyways).  Anybody know the IE
> developers?
> 
> > I intend to write some more on mitigation soon.
> 
> Great ... Please link to the post here ... Would love to hear your
> thoughts
> on this.
> 
> - Scott
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general




More information about the general mailing list