[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)

James A. Donald jamesd at echeque.com
Sat Jan 20 00:30:20 UTC 2007

Ben Laurie wrote:
 > Exactly. I wouldn't expect OpenID to _solve_ phishing
 > all on its lonesome, but making it worse really does
 > strike me as a serious problem - and one that should
 > cause all security people to recommend avoiding it
 > like the plague. We should be progressing on phishing,
 > not regressing.
 > OTOH, I think this religious attitude that says
 > browser plugins are to be avoided at all costs is
 > wrong-headed. Browser authentication is broken.
 > Someone has to apply pressure that'll fix that
 > situation!

Passpet needs to exist, and needs to support SRP and

More information about the general mailing list