[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Hans Granqvist hgranqvist at verisign.com
Mon Jan 22 18:20:24 UTC 2007


Ben Laurie wrote:
> On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> ...
>> I whined a bit about that here:
>> http://commented.org/blog/2007/1/19/openid-and-phishing.html
> 
> Could it be because the security profiles are between the RP and the
> OP, and so don't address the problem of phishing one iota?

Fairly odd response in light of what you say here:
http://openid.net/pipermail/security/2007-January/000209.html

Or are you suggesting these RP profiles be consumed by the UA?

-Hans



More information about the general mailing list