OpenID homesite authorization spoofed
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Oct 23 21:36:04 UTC 2006
Josh Hoyt wrote:
> Also note that the presentation of user credentials to MyOpenID.com
> *does* happen over SSL and that once a user has signed in to their
> MyOpenID.com account, all communication with that user (e.g.
> presentation of authentication requests) happens over SSL.
OK, excellent! In any case, the idea of the test wasn't specific against
myopenid.com, which was just a convenience...So if this is secured, the
better...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/568568ba/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/568568ba/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061023/568568ba/attachment-0002.bin>
More information about the general
mailing list