[OpenID] Another Client-side Password Phishing Mitigation Idea
Marcin Jagodziński
marcin.jagodzinski at gmail.com
Sun Jan 21 19:22:03 UTC 2007
Dmitry,
I think we are moving too fast. The problem "which functionalities
should be included in plugin" / "how plugin should look like" is not
the problem we are facing now. The real problem is:
1) what if phisher prepare page so that plugin will not start
2) what if legitimate OP prepare the page so the that plugin will not start
regards
2007/1/21, Dmitry Shechtman <damnian at gmail.com>:
> There are a few DISadvantages to this proposal:
>
> * it works on all password forms, not just for OpenID
> * it forcefully disrupts the flow of the user
>
>
> FUNCTION warning-dialog.onshow()
>
> IF warning-dialog.contains-dont-show-again-checkbox()
> dont-show-again-checkbox.select()
> ok-button.click
> RETURN ok
> END IF
>
> IF anti-phishing-mitigation.is-addon()
> anti-phishing-mitigation.uninstall()
> RETURN ok
> END IF
>
> browser.uninstall()
> RETURN not-ok
>
> END FUNCTION
>
>
> What's wrong with an identity manager?
>
>
> Regards,
> Dmitry
> =damnian
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
More information about the general
mailing list