Proposition: possible anti-phishing solution
Boris Erdmann
boris.erdmann at googlemail.com
Sun May 13 08:09:54 PDT 2007
Preamble: Please direct me to the right list, if you
feel that this one isn't. But since this thread could
lead to some small changes in the OpenID Spec,
I thought I could as well post it here. --
Assume the following:
* A browser can detect that the currently loaded page
is a login page for a certain identifier (that is: the page
requests input of credentials)
* The browser is able to identify that the input destination
of such credentials is valid for the identifier in question
* The browser is able to communicate to users
that they are about to enter credentials for that very
identifier.
Assume also:
* Users can be educated to be suspicious about a certain
class of login pages if those pages don't invoke browser
interception.
Proposition:
=========
If the identifier in the above assumptions is an OpenID,
those assumptions suffice for such a browser to make
the login page phishing "proof".
Please let's validate/discuss that statement.
(but not the assumptions in the first place)
If we find the proposition to be true, honing the
OpenID 2.0 Spec should be possible.
( I have specific ideas... )
I also have a proof-of-concept Firefox extension ready.
-- Boris