[OpenID] [security] Another Client-side Password Phishing Mitigation Idea

Marcin Jagodziński marcin.jagodzinski at gmail.com
Mon Jan 22 08:38:28 UTC 2007

2007/1/22, Chris Drake <christopher at pobox.com>:
> Hi All,
> Read my proposals from about 3 months back.  I explained how plugins
> will need to recognize OpenID login pages.  I proposed the technical
> solution. It's the same concept as "IdP initiated logins" (since
> something else besides the RP web page initiates the login - eg - the
> browser plugin).

Could you point us to specific message? Thanks.

> Be warned - my proposal got flamed and ignored.

> IMHO - OpenID needs to have hooks to let anti-phishing technology
> evolve, otherwise both will die off (succumbing to InfoCard)

That exactly my point. We don't need to invent plugins/browsers,
specify their functionalities. We just need to make sure, the browser
will know when to fire up plugin.



More information about the general mailing list