[security] [dix] Re: Gathering requirements for in-browser OpenID support

[James A. Donald]

Chris Drake wrote:
> For the benefit of me and others reading this thread, can you briefly
> explain how you would deploy EKE in a browser to defeat MitM ?

To make this work, we need the browser chrome to handle the login rather 
than the web page — in the case of firefox a browser extension — 
requires an extension to current browser practices.