[OpenID] OpenID and phishing (wasAnnouncing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Ka-Ping Yee openid at zesty.ca
Sat Jan 20 10:24:01 UTC 2007

On Fri, 19 Jan 2007, Scott Kveton wrote:
> > How can it be considered out of spec for OpenId, if the mechanics of OpenId
> > authentication seem to assist phishing?
> > I clearly see it being something that can hold up the official release of
> > OpenId 2.0 for a pretty lengthy time - and I realise nobody wants that to
> > happen.
> Phishing is a _huge_ problem ... By huge I don't mean its happening all over
> the place, I mean its an the-Internet-Sucks problem.  That alone is reason
> enough to leave it as out-of-scope for OpenID.

No one expects OpenID to make phishing go away.  I understand that.
But OpenID exacerbates phishing, and that has to be acknowledged.

-- ?!ng

More information about the general mailing list