[OpenID] Fwd: OpenID Spoofing
davidnicol at gmail.com
Fri Jan 12 23:15:58 UTC 2007
if their bank suddenly deals in openID identities (instead of e-mail
tipjar nicknames or whatever) yes... although saying "it's the IdP's
moving on should work. shared-secret OTP key fobs are all the rage now AIUI
On 1/12/07, Dmitry Shechtman <damnian at gmail.com> wrote:
> I'm not trying to say there is problem here, but isn't it way out of our
> scope? If nobody (well, almost nobody) can be sure it's really their bank
> they're signing into, should they be concerned about their IdP?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the general