[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
Hans Granqvist
hgranqvist at verisign.com
Mon Jan 22 18:20:24 UTC 2007
Ben Laurie wrote:
> On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> ...
>> I whined a bit about that here:
>> http://commented.org/blog/2007/1/19/openid-and-phishing.html
>
> Could it be because the security profiles are between the RP and the
> OP, and so don't address the problem of phishing one iota?
Fairly odd response in light of what you say here:
http://openid.net/pipermail/security/2007-January/000209.html
Or are you suggesting these RP profiles be consumed by the UA?
-Hans
More information about the general
mailing list