[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)
Ben Laurie
benl at google.com
Mon Jan 22 18:35:59 UTC 2007
On 1/22/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> Ben Laurie wrote:
> > On 1/19/07, Hans Granqvist <hgranqvist at verisign.com> wrote:
> > ...
> >> I whined a bit about that here:
> >> http://commented.org/blog/2007/1/19/openid-and-phishing.html
> >
> > Could it be because the security profiles are between the RP and the
> > OP, and so don't address the problem of phishing one iota?
>
> Fairly odd response in light of what you say here:
> http://openid.net/pipermail/security/2007-January/000209.html
Why?
> Or are you suggesting these RP profiles be consumed by the UA?
No.
>
> -Hans
>
More information about the general
mailing list