[OpenID] Fwd: OpenID Spoofing

David Nicol davidnicol at gmail.com
Sat Jan 13 05:31:02 UTC 2007


On 1/12/07, James A. Donald <jamesd at echeque.com> wrote:
> [...]  We need a system that ensures that messages are
> accompanied by proof of relationship - that a message
> that purports to come from a site where you have a login
> relationship *does* come from a site where you have a
> login relationship.

Zooko's triangle applies here.

A secure, easy-to-use openID-based messaging system would be easy to set
up, but would not be decentralized. (and security would work only as far as
the various IDps anyway)

PGP remains the underadopted technology that solves a lot.



More information about the general mailing list