[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)
James A. Donald
jamesd at echeque.com
Sat Jan 20 00:30:20 UTC 2007
Ben Laurie wrote:
> Exactly. I wouldn't expect OpenID to _solve_ phishing
> all on its lonesome, but making it worse really does
> strike me as a serious problem - and one that should
> cause all security people to recommend avoiding it
> like the plague. We should be progressing on phishing,
> not regressing.
>
> OTOH, I think this religious attitude that says
> browser plugins are to be avoided at all costs is
> wrong-headed. Browser authentication is broken.
> Someone has to apply pressure that'll fix that
> situation!
Passpet needs to exist, and needs to support SRP and
OpenID.
More information about the general
mailing list