[OpenID] [security] Another Client-side Password Phishing Mitigation Idea
marcin.jagodzinski at gmail.com
Mon Jan 22 08:38:28 UTC 2007
2007/1/22, Chris Drake <christopher at pobox.com>:
> Hi All,
> Read my proposals from about 3 months back. I explained how plugins
> will need to recognize OpenID login pages. I proposed the technical
> solution. It's the same concept as "IdP initiated logins" (since
> something else besides the RP web page initiates the login - eg - the
> browser plugin).
Could you point us to specific message? Thanks.
> Be warned - my proposal got flamed and ignored.
> IMHO - OpenID needs to have hooks to let anti-phishing technology
> evolve, otherwise both will die off (succumbing to InfoCard)
That exactly my point. We don't need to invent plugins/browsers,
specify their functionalities. We just need to make sure, the browser
will know when to fire up plugin.
More information about the general