Proposal: An anti-phishing compromise

john kemp john.kemp at mac.com
Fri Feb 2 19:22:03 UTC 2007


Johnny Bufu wrote:
> 
> On 2-Feb-07, at 7:05 AM, George Fletcher wrote:
>> but I'm still not sure how this helps with the phishing problem.  As
>> you pointed out John, the issue is a rogue RP redirecting to a rogue
>> OP.  So the rogue OP just steals the credentials and returns whatever
>> it wants.
> 
> In this case, the rogue RP is not interested at all in the auth response
> from the rogue OP (or for that matter from the legitimate OP); just in
> stealing the user's credentials.
> 
> The phishing field prevents the phisher from later using these credentials
> on a legitimate RP (which will be contacting the legitimate OP) to
> impersonate the user -- if the RP enforces "phishable = no".

I guess I'm confused by the above.

If the OP has stolen the user's credentials, it can just say "phishable
= no" and pass its assertion regarding those credentials to the RP. This
is about a rogue OP, and the relationship between the OP and the user,
not really about the relationship between the OP and RP (although if the
RP knew whether or not it could trust the OP by some out-of-band means,
it would simply not accept an assertion from the OP unless that trust
was established).

You might use a rogue RP to start the attack, but the attack is actually
performed by the rogue OP, not the rogue RP.

- John
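As an added illustration of the point made in this message (example code, not part of the original thread and not any OpenID library's code), here is a toy model in which each OP signs its positive assertion with an association secret shared with the RP. Names, endpoints and secrets are constructed; the signed-field format is a simplification, not the OpenID 2.0 wire format. It shows that a self-asserted "phishable = no" field is accepted from anyone by an RP that only looks at the field, while an RP that checks the assertion against an out-of-band trust list of OPs (the mechanism described above) rejects both a rogue OP's assertion and a legitimate assertion whose field was altered in transit.

```python
import hashlib
import hmac

# Constructed model, not the OpenID 2.0 wire format: an OP signs its
# positive assertion with an association secret it shares with the RP.


def _signed_base(fields):
    """Canonical 'key:value' lines over every field except the signature."""
    return "\n".join(
        f"{k}:{fields[k]}" for k in sorted(fields) if k != "sig"
    ).encode()


def sign(secret, fields):
    """HMAC-SHA256 over the canonical field set (hex digest)."""
    return hmac.new(secret, _signed_base(fields), hashlib.sha256).hexdigest()


class OP:
    """An OpenID provider; 'phishable' is whatever the OP chooses to claim."""

    def __init__(self, endpoint, secret):
        self.endpoint = endpoint      # constructed URL
        self.secret = secret          # association secret (constructed)

    def assert_login(self, claimed_id, phishable):
        fields = {
            "op_endpoint": self.endpoint,
            "claimed_id": claimed_id,
            "phishable": "yes" if phishable else "no",
        }
        fields["sig"] = sign(self.secret, fields)
        return fields


class RP:
    """A relying party holding associations only with OPs it trusts."""

    def __init__(self, trusted):
        # op_endpoint -> association secret, established out of band
        self.trusted = trusted

    def accept_naive(self, assertion):
        """Policy that trusts the field by itself: anyone can set it."""
        return assertion.get("phishable") == "no"

    def accept(self, assertion):
        """Policy that binds the field to a trusted OP's signature."""
        secret = self.trusted.get(assertion.get("op_endpoint"))
        if secret is None:            # OP not trusted out of band
            return False
        expected = sign(secret, assertion)
        if not hmac.compare_digest(expected, assertion.get("sig", "")):
            return False              # field (or anything else) was altered
        return assertion.get("phishable") == "no"


def demo():
    """Run the scenario from the thread and return each policy's decision."""
    legit = OP("https://op.example/", b"legit-association-secret")
    rogue = OP("https://phish.example/", b"rogue-secret")
    rp = RP({legit.endpoint: legit.secret})   # only the legitimate OP is trusted

    good = legit.assert_login("https://alice.example/", phishable=False)
    # The rogue OP simply asserts "phishable = no" about the stolen identity.
    phished = rogue.assert_login("https://alice.example/", phishable=False)
    # A legitimate assertion with the field flipped after signing.
    flipped = dict(legit.assert_login("https://alice.example/", phishable=True))
    flipped["phishable"] = "no"

    return {
        "naive_accepts_rogue": rp.accept_naive(phished),
        "trusted_accepts_rogue": rp.accept(phished),
        "trusted_accepts_legit": rp.accept(good),
        "trusted_accepts_flipped": rp.accept(flipped),
    }


if __name__ == "__main__":
    for policy, decision in demo().items():
        print(f"{policy}: {decision}")
```

The trust list in `RP.__init__` is the only thing that separates the two policies; without it the "phishable" field tells the RP nothing it can rely on, which is the point of the message above.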
