[OpenID] Phishing resistant policy of PAPE
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Wed Oct 29 01:38:05 UTC 2008
On 10/29/2008 02:43 AM, Breno de Medeiros:
>> PAPE doesn't protect against anything, it gives an opinion about the
>> authentication methods used. There is no authority or standards body
>> confirming implementations.
>>
>
> This is equivalent to saying that non-EV SSL certificates do not protect
> against anything, but EV certificates do because the implementations
> are confirmed.
>
Non-EV certificates protect at least against MITM attacks, EV provide
additionally identification according to the EV guidelines as defined by
the EV/Browser forum. Non-EV may do that too, but not according to the
same guidelines... but I guess this is the wrong forum for this kind of
discussion.

However PAPE doesn't give and can't give any guarantees whatsoever. It
provides an *opinion* of the provider concerning the implemented
authentication methods. It's upon the RP to make the correct assessment
concerning the information received. This is like self-signed
certificates - it's a claim but you don't know for sure (except in the
rare case you've got the fingerprint and you know the other party).

Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
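
The RP-side assessment discussed in this message, as an added example that is not part of the original post or of any OpenID library: a relying party accepts a PAPE phishing-resistant claim only when the PAPE fields are covered by the assertion signature and the asserting OP is on a list the RP vetted out of band. The `VETTED_OPS` list, the `signature_verified` flag (signature checking itself is assumed to happen elsewhere) and the sample endpoints are assumptions.

```python
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
PHISHING_RESISTANT = "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant"

# Assumption: OP endpoints whose authentication practices this RP vetted out of band.
VETTED_OPS = {"https://op.example.org/server"}

def pape_alias(fields):
    """Find the alias the OP bound to the PAPE namespace (it is not fixed)."""
    for key, value in fields.items():
        if key.startswith("openid.ns.") and value == PAPE_NS:
            return key[len("openid.ns."):]
    return None

def assess_pape(fields, signature_verified):
    """Return (accepted, reason) for a positive assertion's phishing-resistant claim."""
    if not signature_verified:
        return False, "assertion signature not verified"
    alias = pape_alias(fields)
    if alias is None:
        return False, "no PAPE response present"
    signed = set(fields.get("openid.signed", "").split(","))
    needed = {"op_endpoint", f"ns.{alias}", f"{alias}.auth_policies"}
    if not needed <= signed:
        return False, "PAPE fields not covered by the signature"
    policies = fields.get(f"openid.{alias}.auth_policies", "").split()
    if PHISHING_RESISTANT not in policies:
        return False, "OP did not claim the phishing-resistant policy"
    if fields.get("openid.op_endpoint") not in VETTED_OPS:
        return False, "claim comes from an OP this RP has not vetted"
    return True, "claim from a vetted OP"

def sample_response(op_endpoint, signed):
    """Constructed positive assertion fields (not captured traffic)."""
    return {
        "openid.op_endpoint": op_endpoint,
        "openid.ns.pape": PAPE_NS,
        "openid.pape.auth_policies": PHISHING_RESISTANT,
        "openid.signed": signed,
    }

if __name__ == "__main__":
    full = "op_endpoint,claimed_id,identity,ns.pape,pape.auth_policies"
    for op in ("https://op.example.org/server", "https://unknown-op.example.net/"):
        print(op, assess_pape(sample_response(op, full), True))
```
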