[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)

Bob Wyman bob at wyman.us
Fri Jan 19 21:11:00 UTC 2007

On 1/19/07, Jonathan Daugherty <cygnus at janrain.com> wrote:># OTOH, I think
this religious attitude that says browser plugins
># are to be avoided at all costs is wrong-headed.
> The attitude is the result of many of us admitting that firefox-using,
> plugin-using users are a minority within a minority and that the
>"just use a plug-in!" push ignores that fact.

It is amazing what marketing can accomplish and solving this problem will
require serious marketing as well as technology. Today, millions of people
who have no idea what a "virus blocker" does, have the things installed --
because they have been taught that they need one. They don't know why and
don't care. They only know that they must have one. Similarly, one can
imagine a world in which we teach the huddled-masses that they are idiots if
they run a machine that doesn't have OpenID (client-side protection)
installed... (Note: This is a very different message than: "Plug-ins are
cool and do neat things for you..." When a plug-in is marketed as
*required*, not merely "good," it will have a different adoption curve.)

We need, I think, to realize that in many application areas we've overrun
the capability of today's most commonly used browser to support development
of the applications we need. The virtual end of innovation that has resulted
from monopolization of the browser market makes it impossible to hope for
advancements in the most commonly used browser. Instead, what we see are
effort like CardSpace, which layer proprietary technologies into an
operating system -- with the clear goal of making that operating system
preferred -- rather than openly defined innovations that enhance the entire

It appears to me that a plug-in is the next best thing to having the
necessary intelligence built into the browser. Thus, things like Sxipper
+OpenID are probably the best we can do (and that ain't bad...) until we can
convince the browser developers to do what we require rather than just what
addresses their own needs.

bob wyman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070119/eafbba07/attachment-0002.htm>

More information about the general mailing list