[OpenID] What does Sxipper do?
dick at sxip.com
Tue Jan 23 15:10:59 UTC 2007
On 23-Jan-07, at 2:19 AM, Ben Laurie wrote:
> So, it's been mentioned several times that Sxipper defends against the
> MitM attack on IdPs. But how? I can't find any information on it.
Sxipper intercepts the browser calls to the Sxipper OP. If the RP
sends the user to a different OP (MITM), then nothing happens.
Sxipper has intimate knowledge of its own OP, so pretty hard to do
any MITM attack
> Also, I know several people that would be interested in trying Sxipper
> but have declined to download it due to the lack of a visible licence.
License is displayed during install. Had not thought about is being
available prior, good point.
> Finally, isn't this a little naughty? Front page:
> "Trustworthy - encrypts your personal data and stores it on your
> Release notes:
> "Encrypting profile store
> Your profile data is saved on your hard drive, it is currently not
It is still an early beta! ... but we should note the discrepancy on
the home page.
More information about the general