[OpenID] What does Sxipper do?
Dick Hardt
dick at sxip.com
Tue Jan 23 15:10:59 UTC 2007
On 23-Jan-07, at 2:19 AM, Ben Laurie wrote:
> So, it's been mentioned several times that Sxipper defends against the
> MitM attack on IdPs. But how? I can't find any information on it.
Sxipper intercepts the browser calls to the Sxipper OP. If the RP
sends the user to a different OP (MITM), then nothing happens.
Sxipper has intimate knowledge of its own OP, so pretty hard to do
any MITM attack.
>
> Also, I know several people that would be interested in trying Sxipper
> but have declined to download it due to the lack of a visible licence.
License is displayed during install. Had not thought about it being
available prior, good point.
>
> Finally, isn't this a little naughty? Front page:
>
> "Trustworthy - encrypts your personal data and stores it on your
> computer"
>
> Release notes:
>
> "Encrypting profile store
>
> Your profile data is saved on your hard drive, it is currently not
> encrypted."
It is still an early beta! ... but we should note the discrepancy on
the home page.
-- Dick
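
The behaviour described in the reply above, sketched as an added example (not Sxipper's code and not part of the original message): an agent pinned to a single OP acts only on authentication requests whose parsed origin exactly matches that OP, so a redirect to any other host leaves it inert. The OP origin and path, the function name and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not Sxipper code. The pinned OP is a constructed placeholder.
const PINNED_OP = { origin: "https://op.example.org", path: "/openid/server" };

// OpenID authentication request modes the agent is willing to handle.
const AUTH_MODES = new Set(["checkid_setup", "checkid_immediate"]);

// Decide whether a navigation is an authentication request to the pinned OP.
// Everything else is ignored, so a page imitating the OP gets no help from the agent.
function classifyNavigation(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { action: "ignore", reason: "unparseable URL" };
  }
  // Refuse URLs that carry userinfo, e.g. "https://op.example.org@other.host/".
  if (url.username || url.password) {
    return { action: "ignore", reason: "userinfo in URL" };
  }
  // Compare the parsed origin (scheme + host + port), never a string prefix:
  // "https://op.example.org.lookalike.test" begins with the pinned origin text.
  if (url.origin !== PINNED_OP.origin) {
    return { action: "ignore", reason: "not the pinned OP" };
  }
  if (url.pathname !== PINNED_OP.path) {
    return { action: "ignore", reason: "not the OP endpoint" };
  }
  const mode = url.searchParams.get("openid.mode");
  if (!AUTH_MODES.has(mode)) {
    return { action: "ignore", reason: "not an authentication request" };
  }
  return {
    action: "intercept",
    reason: "pinned OP authentication request",
    returnTo: url.searchParams.get("openid.return_to"),
  };
}

// Constructed sample navigations: one genuine request, three that must be ignored.
const SAMPLES = [
  "https://op.example.org/openid/server?openid.mode=checkid_setup&openid.return_to=https%3A%2F%2Frp.example.net%2Fdone",
  "https://op.example.org.lookalike.test/openid/server?openid.mode=checkid_setup",
  "http://op.example.org/openid/server?openid.mode=checkid_setup",
  "https://op.example.org@lookalike.test/openid/server?openid.mode=checkid_setup",
];
for (const s of SAMPLES) {
  const r = classifyNavigation(s);
  console.log(r.action.padEnd(9), r.reason);
}
```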