On Fri, Jul 31, 2009 at 05:49:30PM +0100, Davi Diaz wrote: > Karl Goetz wrote: > > OpenID consumer support? > > No, please! It is weak in security. I would like do not have to repeat here > the discussion with dachary at IRC about the security weakness of the OpenID > standard. > > Please, do not build infrastructures on weak bases!
<police mode> - when things are moving off-topic, please change the subject - back up your claims </police mode> Last time I discussed OpenID I understood it was an evolving technology, so facts from 1 or 2 years ago probably don't apply anymore, and was otherwise secure. AFAIU the main weakness would be a use of shared-key cryptography on the first sp<->idp connection - are you refering to that?. -- Sylvain
