[security] [dix] Re: Gathering requirements for in-browser OpenID support

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Nov 1 11:08:33 UTC 2006


James A. Donald wrote:
>
> The famous example of this was Mountain America Credit
> Union, which was phished by a phisher whose web site was
> quite legitimately called Mountain-America.net, and who
> had a verisign certificate to prove it.

Just for the record, it was Geotrust and not Verisign, so it could have
happened to any other CA, since, as you reported, the site was
legitimate. However, the certificate was domain validated and
Persona/Identity was not validated, which wouldn't have
succeeded... (most likely).

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390