[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)

James A. Donald jamesd at echeque.com
Mon Jan 22 19:30:31 UTC 2007


     --
Scott Kveton wrote:
 > 1) OpenID will not solve phishing 2) To limit the
 > problem, we'll need a set of best practices for OP's
 > 3) There is no silver bullet for solving phishing and
 > users will want to choose what level of security they
 > want; we can't mandate any of this or we'll lose the
 > very value of what makes OpenID great.

Phishing is a solvable problem, and the primary
competitor of OpenID provides a substantial part of the
necessary security perimeter.

Completely stopping phishing requires a complete
security perimeter, which is a big project, but
providing the hooks needed for the complete security
perimeter, plus a large enough part of the needed
security perimeter to stop most existing attacks is a
considerably smaller project.

http://blog.phpbb.cc/2007/01/20/identity-manager-a-browser-based-solution-to-openid-phishing/ 
is a good start.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      TrQ4TJiwDJtbu24GpMtzQGj2fbnSRvbZVQBpuUdr
      4Gu+xIjzdUs59JZruFzh/nMRalowfAqj3n2+rBTnE
