[OpenID] Why spoofing and OpenID look so much alike

Jack Cleaver jack at jackpot.uk.net
Mon Sep 29 13:46:28 UTC 2008


Peter Williams wrote:
> In IE3, Authenticode users were shown a very characteristic 
> certificate-like dialog, introducing the trusted publishers of native
> code in signed/timestampvalidated ActiveX form.

But users didn't know how to tell if it was real or not. More
particularly, users know that a picture on the screen of a seal, or of
squiggly lines like you see on certificates and banknotes, are just that:
pictures. So if you show them (a rendition of) a real certificate with
those pictorial attributes, they are rightly suspicious: someone is
trying to use easily-faked images to convince them that something is real.

Fershure _I_ don't know how to help users distinguish between the real
and the fake; but images that look like seals are snake-oil, and sooner
or later users will suss that out (sooner, most likely).

-- 
Jack.


