[OpenID] Yahoo issue

John Panzer jpanzer at acm.org
Wed Feb 6 05:50:31 UTC 2008


Peter,

I think you're downplaying the significance of comments.  A Yahoo user 
can post an authoritative memo on a Blogger blog, in the form of a 
comment, today.  This is equivalent to email providers interoperating, 
though with far better authentication than email. 

Your quoted text sounded a bit florid for us :), so I went and checked. 
The actual wording of the claim is:

    You'll see the OpenID icon next to the names of
    commenters who posted with their OpenID. This icon assures you that
    the person who posted the comment is the same person blogging at the
    URL their name links to. Say goodbye to comment spoofing!

In the context of blogging, comment spoofing means that I take your blog 
URL and put it in as my signature, and thereby pretend to be you.  
Blogger used to let commenters do this if the blog owners chose to allow 
anonymous comments.  Unfortunately 'anonymous' really means 'don't make 
them get yet another account just to leave a comment.' and so they are 
often actually signed in an unverifiable way.

OpenID lets us eliminate this comment spoofing, barring rogue or 
compromised blog provider OPs.  We do not have a whitelist but we can if 
necessary blacklist compromised OPs.  We don't particularly care about 
something like bugmenot.

John


Peter Williams wrote:
> The blurb is rather misleading - unless Blogger is operating an OP white list. It claims that comment spoofing is a thing of the past - which is obviously not true no matter what semantics one applies to the spin verbiage.
>  
> "Whereas HTTP Headers might have been manipulated by the evil {choose a foreign enemy nation} mafia, comment spoofing protection by Google now fights evil with the web2.0's ultimate Sword of Damocles (openid2), cleaving forever a rift between spoofed and non-spoofed blog comments."
>  
> I'm being harsh. Adoption is always king - and adoption of authenticated comments by the major blog portals should be highly commended. But, let's not get carried away. The main act is yet to play: can a yahoo-user login to his Blogger site via openid, to post an authoritative memo (and vice versa). 
>  
> ________________________________
>
> From: Dick Hardt [mailto:dick at sxip.com]
> Sent: Tue 2/5/2008 6:29 PM
> To: Peter Williams
> Cc: Martin Atkins; general at openid.net
> Subject: Re: [OpenID] Yahoo issue
>
>
>
>
> On 5-Feb-08, at 5:28 PM, Peter Williams wrote:
>
>   
>> Url to the google endpoint pls?
>>     
>
>
> used for comments on blogger -- been supported for a while
>
> you can learn about it here:
>         http://buzz.blogger.com/2007/12/openid-commenting.html
>
> more info at:
>         http://www.google.com/search?q=google+openid+blogger
>
>
