[OpenID] OpenID and phishing (was AnnouncingOpenIDAuthentication 2.0 - Implementor's Draft 11)

James A. Donald jamesd at echeque.com
Mon Jan 22 21:03:45 UTC 2007


Scott Kveton wrote:
> Let's all not forget that the best part about OpenID 2.0 is that there will
> be an OpenID 2.1, 3.0 ... Maybe even XP, Vista or 2008 (I kid).  Putting a
> requirement like the above on OpenID 2.0 will halt adoption ... We can't
> demand that browsers and other user agents change before we move forward
> IMHO.

Open ID cannot mandate phishing protection, since that requires UA 
upgrades.  It can *enable* phishing protection for suitable UAs, and 
also provide best practice sample code for OPs



More information about the general mailing list