[OpenID] Phishing resistant policy of PAPE

Breno de Medeiros breno at google.com
Wed Oct 29 00:21:57 UTC 2008


On Tue, Oct 28, 2008 at 5:12 PM, Eric Norman <ejnorman at doit.wisc.edu> wrote:
>
> On Oct 28, 2008, at 6:41 PM, Breno de Medeiros wrote:
>
>> The phishing attack that you presented above is not a phishing attack
>> that can be prevented.
>
> Information cards seem to provide effective resistance.

Against sites that ask users for their credit cards?

> Some argue that EV certificates provide such resistance.

Against sites that ask users for their credit cards?

> Some even argue that regular old server certificates can
> provide such resistance.

Against sites that ask users for their credit cards?

>

I don't see how any of these technologies prevent against the attack
you described. None prevent against the case when the site does not
support the proposed solution above, but the user creates a local
account and enters a credit card.

> Eric Norman



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)


