[security] MITM attacks on OpenID direct verification and association

Hans Granqvist hgranqvist at verisign.com
Wed Feb 14 17:54:53 UTC 2007


thayes0993 at AOL.COM wrote:
> In short, associations are useful for reducing the cost of verifying 
> assertions by allowing the verification to be performed by the RP.  
> However they do not add to the resistance to MITM attacks.

So you found it as easy to set up a fake OP as it is to proxy-change
a DV 'no' to 'yes' down-stream?

I bet you didn't. And that complexity difference is the added
resistance.

-Hans


