[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Fri Jan 12 17:56:51 UTC 2007

> I don't like having to put the burden on the users to install client-side
> software.  Also, there is the possibility (although remote) that a user
> could be phished to install a extension that does "bad things" as well.
> And what is there to stop other extensions you install for one thing from
> doing "bad things" with your identity?


> I'm really hoping that the Firefox 3.0 release will integrate OpenID in 
> such a way to alleviate a lot of these risks:
> http://radar.oreilly.com/archives/2007/01/firefox_30_requ.html

I really hate to say it in this forum, but we (myself included) often forget
that the world isn't spinning around OpenID.

Why should an OpenID provider be a special case? Just assign it a petname,
and you're done. I'm not sure whether Petnames are expected to be part of FF
3.0, but they certainly seem to do the trick.


More information about the general mailing list