[OpenID] Fwd: OpenID Spoofing

Dick Hardt dick at sxip.com
Thu Jan 11 22:38:02 UTC 2007

For those of you not following the ID Gang mailing list ...

Begin forwarded message:

> From: "Bob Wyman" <bob at wyman.us>
> Date: January 11, 2007 2:31:52 PM PST (CA)
> To: idworkshop at googlegroups.com
> Subject: Re: OpenID Spoofing
> Reply-To: idworkshop at googlegroups.com
> On 1/11/07, Dick Hardt <dick at sxip.com> wrote:
> > A couple of examples of server-side-only solutions:
> > Yahoo's cookie and picture technique is an example.
> > One of my banks makes me install a client side cert to login.
> It seems to me that some sort of a "cookbook" providing easy to  
> understand documentation of these and other methods would go a long  
> way to increasing the likelihood that these methods would be  
> implemented. Given that this spoofing issue is probably going to  
> end up being a significant barrier to wide adoption of OpenID  
> (Cameron from Microsoft is already using it against OpenID), it  
> would be in the interests of the everyone to ensure that these  
> techniques are well known and widely deployed.
> bob wyman
> --~--~---------~--~----~------------~-------~--~----~
>  You received this message because you are subscribed to the Google  
> Groups "Identity Gang" group.
> To post to this group, send email to idworkshop at googlegroups.com
> To unsubscribe from this group, send email to idworkshop- 
> unsubscribe at googlegroups.com
> For more options, visit this group at http://groups-beta.google.com/ 
> group/idworkshop?hl=en
> -~----------~----~----~----~------~----~------~--~---

More information about the general mailing list