[OpenID] OpenID & Phishing: Staying on track ...

Scott Kveton scott at janrain.com
Mon Jan 22 17:26:43 UTC 2007


Lots of enlightening (and somewhat entertaining) discussions this weekend
about OpenID and phishing.  I know we here at JanRain have been working hard
over the last couple of days working on some new security features that will
be built into MyOpenID.com based on these discussions ... All I can say is
you folks are idea factories ... :-)

I would strongly encourage people to update the wiki here:

http://openid.net/wiki/index.php/OpenID_Phishing_Brainstorm

As we don't want to lose the good information from this thread.  I have also
started to link to some of the discussion happening on people's blog posts
as well (at the bottom of that page).  I don't think we all want to re-hash
this discussion every couple of months.  Let's catalog it and start the
wheels turning towards solving the problems at hand.

Finally, let's not forget that OpenID 1.1 is out in the wild and growing in
momentum (we're seeing 10 - 15 new RP's a day showing up on MyOpenID.com).
Let's keep the bickering to a minimum and focus on finalizing OpenID 2.0 and
building a solid strategy for mitigating the phishing problem.

- Scott




More information about the general mailing list