[security] [dix] Re: Gathering requirements for in-browser OpenID support
Ben Laurie
benl at google.com
Tue Oct 31 10:55:53 UTC 2006
On 31/10/06, James A. Donald <jamesd at echeque.com> wrote:
> Chris Drake wrote:
> > For the benefit of me and others reading this thread, can you briefly
> > explain how you would deploy EKE in a browser to defeat MitM ?
>
> To make this work, we need the browser chrome to handle the login rather
> than the web page — in the case of firefox a browser extension —
> requires an extension to current browser practices.
Not necessarily chrome, though that would probably be best. It could
be done in java or javascript (painfully, in the latter case), also.
More information about the general
mailing list