OpenID homesite authorization spoofed
James A. Donald
jamesd at echeque.com
Mon Oct 23 11:54:37 UTC 2006
Recordon, David wrote:
> If this involved DNS spoofing, then it certainly is
> known that OpenID can be exploited in such fashion,
> just as every other site out on the Internet today not
> using DNSSEC can be.

No.

Sites that use SRP or HTTPS cannot be exploited in this
fashion.

If your bookmark says https://hushmail.com, and you
click on your bookmark, you will get to the right
hushmail.com, or fail to get anywhere.