[OpenID] [oauth] Re: [diso-project] Re: OpenID Accessibility
Ben Laurie
benl at google.com
Sun Nov 2 11:17:32 PST 2008
On Sun, Nov 2, 2008 at 5:13 PM, Joseph A Holsten
<joseph at josephholsten.com> wrote:
>
> Has anyone specifically focused on the issues of phishing and
> accessibility? I know the default reader for mac 10.4 doesn't even
> try to say the url when it changes. Academic literature on the
> subject seems scarce. [1] Is phishing resistance outside the scope of
> OAuth and OpenID accessability?
Well, its in scope of something. The PAPE extension allows OPs to
claim phishing resistance, for example. But wouldn't it be nice if
browsers just automatically supported a phishing resistant password
scheme? J-PAKE seems like an interesting way to experiment with that
(I just implemented it in OpenSSL, btw).
More information about the general
mailing list