[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
bob at wyman.us
Sat Jan 20 00:05:53 UTC 2007
On 1/19/07, Gavin Baumanis <gavin.baumanis at rmit.edu.au> wrote:> I think not
addressing [Phishing] in the spec ... is not a wise decision...
I keep gettting the sense that somehow people seem to think that "not
addressing phishing in the spec" is the same as "not addressing phishing."
But, phishing can certainly be addressed in a distinct document and the two
documents can then be linked together. By having two related documents, we
can "address phishing" without addressing it in the spec. Actually, I think
doing it that way would make a great deal of sense -- It's a standard
separation of concerns.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the general