[OpenID] What does Sxipper do?

Ben Laurie benl at google.com
Tue Jan 23 15:50:46 UTC 2007


On 1/23/07, Dick Hardt <dick at sxip.com> wrote:
>
> On 23-Jan-07, at 2:19 AM, Ben Laurie wrote:
>
> > So, it's been mentioned several times that Sxipper defends against the
> > MitM attack on IdPs. But how? I can't find any information on it.
>
> Sxipper intercepts the browser calls to the Sxipper OP. If the RP
> sends the user to a different OP (MITM), then nothing happens.
> Sxipper has intimate knowledge of its own OP, so pretty hard to do
> any MITM attack.

Nothing happens? Or Sxipper thinks it's a new OP? In any case,
documentation would be nice.

> > Also, I know several people that would be interested in trying Sxipper
> > but have declined to download it due to the lack of a visible licence.
>
> License is displayed during install. Had not thought about it being
> available prior, good point.
>
> >
> > Finally, isn't this a little naughty? Front page:
> >
> > "Trustworthy - encrypts your personal data and stores it on your
> > computer"
> >
> > Release notes:
> >
> > "Encrypting profile store
> >
> > Your profile data is saved on your hard drive, it is currently not
> > encrypted."
>
> It is still an early beta! ... but we should note the discrepancy on
> the home page.
>
> -- Dick