[OpenID] OpenID 2.0, PAPE, and handling monetary transactions
Peter Williams
pwilliams at rapattoni.com
Mon Dec 17 00:58:13 UTC 2007
Having just come out of a 6h security exam (which I surely failed) let me continue to think exami-anal.
Claim: uncited email has phishing property
Claim: said email mentioned usaa brand bankcard
Discussion: attach claims to previous thread discussing usaa, imputing potental issue and evidence
Disclaimer: folks at usaa are not evil
Implied claim: consider the pertinency of usaa being both the poster child for openid in banking and being in evidence as a vector for phishing
Recall: openid and phishing is a ongoing work group task.
-----Original Message-----
From: Jack Cleaver <jack at jackpot.uk.net>
Sent: Sunday, December 16, 2007 4:31 PM
To: Eric Norman <ejnorman at doit.wisc.edu>
Cc: openid-general General <general at openid.net>
Subject: Re: [OpenID] OpenID 2.0, PAPE, and handling monetary transactions
Eric Norman wrote:
>
> No accusations here, just noting the coincidence.
Well, you must mean *something*, but neither of the URLs you referred to
were present in the message to which you replied. There was one link,
which said it went to a wiki, and that's where it went. No?
So which coincidence did you have in mind? What *did* you mean?
--
Jack.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list