[OpenID] External authentication 2.0
Recordon, David
drecordon at verisign.com
Sun Jan 14 22:13:33 UTC 2007
Hey Dimitry,
OpenID is susceptible to MITM attacks if not correctly using SSL as
discussed throughout the spec.
--David
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Dmitry Shechtman
Sent: Saturday, January 13, 2007 1:36 AM
To: 'Paul Madsen'
Cc: 'openid-general'
Subject: [OpenID] External authentication 2.0
1. Isn't OpenID susceptible to MITM between OP and RP?
2. Is XMPP sufficiently secure? Will requesting the user to simply reply
with '1' (rather than follow a link) do?
Regards,
Dmitry
=damnian
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list