[OpenID] Fwd: OpenID Spoofing

Dmitry Shechtman damnian at gmail.com
Fri Jan 12 23:03:04 UTC 2007

As David and Paul pointed out, SSL clearly doesn't solve MITM as far as
dummies are concerned.


I'm not trying to say there is problem here, but isn't it way out of our
scope? If nobody (well, almost nobody) can be sure it's really their bank
they're signing into, should they be concerned about their IdP?






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070113/faac2b1f/attachment-0002.htm>

More information about the general mailing list