[OpenID] OpenID and phishing (wasAnnouncing OpenIDAuthentication 2.0 - Implementor's Draft 11)
Ka-Ping Yee
openid at zesty.ca
Sat Jan 20 10:24:01 UTC 2007
On Fri, 19 Jan 2007, Scott Kveton wrote:
> > How can it be considered out of spec for OpenId, if the mechanics of OpenId
> > authentication seem to assist phishing?
> > I clearly see it being something that can hold up the official release of
> > OpenId 2.0 for a pretty lengthy time - and I realise nobody wants that to
> > happen.
>
> Phishing is a _huge_ problem ... By huge I don't mean its happening all over
> the place, I mean its an the-Internet-Sucks problem. That alone is reason
> enough to leave it as out-of-scope for OpenID.
No one expects OpenID to make phishing go away. I understand that.
But OpenID exacerbates phishing, and that has to be acknowledged.
-- ?!ng
More information about the general
mailing list