[OpenID] An OpenID "mobile" Hint?
Nat Sakimura
sakimura at gmail.com
Fri Jun 6 01:59:49 UTC 2008
It is not as bad as you may think.
The http header is assigned by the carrier's gateway, and all the communication
after that can be HTTPS. Carriers also publish the IP addresses and more of
their gateways. Using all these information, you should be in a pretty
good state.
(This is off topic, though, I think..., so I will stop here.)
=nat
On Fri, Jun 6, 2008 at 12:32 AM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
>> For many WAP phones and its variations, there is an associated
>> identifier for each phone that identifies the hardware. When possible,
>> it would be worthwile to use those as a part of credentials.
>
> As a part of, yes - but how easy would it be to spoof that hardware key?
>
> -Shade
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
More information about the general
mailing list