[OpenID] Fwd: OpenID Spoofing
Dmitry Shechtman
damnian at gmail.com
Sun Jan 21 18:23:43 UTC 2007
Currently sites with "bad" certs are more secure than good ones, because the
approve-this-bad-cert dialog will come up and you can verify that its the
same bad
cert as last time :)
Here's a crazy idea: what if the OP used such a "bad cert"?
E.g. MyOpenID.com could use JanRain's cert. This way all users would get a
chance to inspect the cert (and also get to know the company behind the OP
by the way).
Regards,
Dmitry
=damnian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070121/a7f01146/attachment-0001.htm>
More information about the general
mailing list