[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)
James A. Donald
jamesd at echeque.com
Mon Jan 22 19:30:31 UTC 2007
--
Scott Kveton wrote:
> 1) OpenID will not solve phishing 2) To limit the
> problem, we'll need a set of best practices for OP's
> 3) There is no silver bullet for solving phishing and
> users will want to choose what level of security they
> want; we can't mandate any of this or we'll lose the
> very value of what makes OpenID great.
Phishing is a solvable problem, and the primary
competitor of OpenID provides a substantial part of the
necessary security perimeter.
Completely stopping phishing requires a complete
security perimeter, which is a big project, but
providing the hooks needed for the complete security
perimeter, plus a large enough part of the needed
security perimeter to stop most existing attacks is a
considerably smaller project.
http://blog.phpbb.cc/2007/01/20/identity-manager-a-browser-based-solution-to-openid-phishing/
is a good start.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
TrQ4TJiwDJtbu24GpMtzQGj2fbnSRvbZVQBpuUdr
4Gu+xIjzdUs59JZruFzh/nMRalowfAqj3n2+rBTnE