[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
hgranqvist at verisign.com
Mon Jan 22 18:20:24 UTC 2007
Ben Laurie wrote:
> On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
>> I whined a bit about that here:
> Could it be because the security profiles are between the RP and the
> OP, and so don't address the problem of phishing one iota?
Fairly odd response in light of what you say here:
Or are you suggesting these RP profiles be consumed by the UA?
More information about the general