[OpenID] Fwd: OpenID Spoofing

David Nicol davidnicol at gmail.com
Fri Jan 12 23:15:58 UTC 2007

if their bank suddenly deals in openID identities (instead of e-mail
addresses or
tipjar nicknames or whatever) yes...  although saying "it's the IdP's
problem" and
moving on should work.  shared-secret OTP key fobs are all the rage now AIUI

On 1/12/07, Dmitry Shechtman <damnian at gmail.com> wrote:

> I'm not trying to say there is problem here, but isn't it way out of our
> scope? If nobody (well, almost nobody) can be sure it's really their bank
> they're signing into, should they be concerned about their IdP?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070112/e345db3d/attachment-0002.htm>

More information about the general mailing list