OpenID security questions
Burt Harris
Burt.Harris at microsoft.com
Mon Sep 11 23:04:32 UTC 2006
I've spent the weekend reading up on OpenID. Very cool, I'm interetested. I've got a couple of questions regarding security of the approach:
Has a systematic analysis of threats to OpenID been made and published?
Does OpenID require that SSL be used by the consumer site when fetching the identifier URL? If not, wouldn't that leave the entire sequence of operations vulnerable to DNS spoofing, etc?
Burt Harris
Microsoft Live Meeting
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20060911/9683f57b/attachment-0002.htm>
More information about the general
mailing list