[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Gavin Baumanis gavin.baumanis at rmit.edu.au
Sat Jan 20 00:13:09 UTC 2007


Bob,
 
I don't necessarily disagree with you.
 
What would make me happy?
I suppose the insistence that the phishing related document be
appropriately referenced and appropriately positioned in the 2.0 spec
AND
the phishing "appendix" be released at the same time as the 2.0 spec. -
I.e. the 2.0 spec should not be released without the appendix document.
 
=gavin.baumanis

>>> On Saturday, January 20, 2007 at 11:05, in message
<45be5cd40701191605h6589feccga41f5033b765ff10 at mail.gmail.com>, "Bob
Wyman" <bob at wyman.us> wrote:
On 1/19/07, Gavin Baumanis <gavin.baumanis at rmit.edu.au> wrote:
> I think not addressing [Phishing] in the spec ... is not a wise
decision... 

I keep gettting the sense that somehow people seem to think that "not
addressing phishing in the spec" is the same as "not addressing
phishing." But, phishing can certainly be addressed in a distinct
document and the two documents can then be linked together. By having
two related documents, we can "address phishing" without addressing it
in the spec. Actually, I think doing it that way would make a great deal
of sense -- It's a standard separation of concerns. 

bob wyman

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070120/79e4cab4/attachment-0002.htm>


More information about the general mailing list