[OpenID] External authentication 2.0

Recordon, David drecordon at verisign.com
Sun Jan 14 22:13:33 UTC 2007

Hey Dimitry,
OpenID is susceptible to MITM attacks if not correctly using SSL as
discussed throughout the spec.


-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Dmitry Shechtman
Sent: Saturday, January 13, 2007 1:36 AM
To: 'Paul Madsen'
Cc: 'openid-general'
Subject: [OpenID] External authentication 2.0

1. Isn't OpenID susceptible to MITM between OP and RP?
2. Is XMPP sufficiently secure? Will requesting the user to simply reply
with '1' (rather than follow a link) do?


general mailing list
general at openid.net

More information about the general mailing list