[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
benl at google.com
Sat Jan 20 15:12:27 UTC 2007
On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> Ben Laurie wrote:
> > ...
> > I do not agree that its not an issue for the spec. As it stands, the
> > spec completely washes its hands of this issue, and I don't think
> > that's acceptable.
> What I don't get is why everyone seemed to not care when
> we were discussing "OpenID security profiles" a few months
> I whined a bit about that here:
Could it be because the security profiles are between the RP and the
OP, and so don't address the problem of phishing one iota?
More information about the general