[security] [dix] Re: Gathering requirements for in-browser OpenID support

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Tue Oct 31 23:33:26 UTC 2006


Dan Lyke wrote:
> On Tue, 31 Oct 2006 03:00:08 -0800, Eddy Nigg (StartCom Ltd.) wrote:
>   
>> Guess he will have a hard time getting a cert for this... Usually
>> wildcard certificates require additional verifications as well...
>>     
>
> I've seen at least one phishing spam (and my filters are pretty good,  
> I don't end up reading too many of 'em) that had an address like  
> https://paypalsecuritycentral.com or some other similarly convoluted  
> and unofficial but possibly believable name.
>   
Not from StartCom hopefully ;-) (A name like that shouldn't happen in
any case...)
> Those of us who are skeptical about  
> what HTTPS can do I think are largely looking at this from a "locking  
> the screen door" perspective, on the other hand so many attacks are so  
> unsophisticated that maybe locking the screen door is a good idea.
>   
Certainly SSL doesn't solve all the problems, but it gives a certain
level of protection. However, my idea was and is only partly based on SSL
security, but on other things as well!

Cheers!

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390