[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Hans Granqvist hgranqvist at verisign.com
Mon Jan 22 18:20:24 UTC 2007

Ben Laurie wrote:
> On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> ...
>> I whined a bit about that here:
>> http://commented.org/blog/2007/1/19/openid-and-phishing.html
> Could it be because the security profiles are between the RP and the
> OP, and so don't address the problem of phishing one iota?

Fairly odd response in light of what you say here:

Or are you suggesting these RP profiles be consumed by the UA?


More information about the general mailing list