On Sat, 1 Aug 2009 00:44:14 +0100 Davi Leal <[email protected]> wrote:
> Sylvain Beucler wrote:
> > Davi wrote:
> > > Karl Goetz wrote:
> > > > OpenID consumer support?
> > - back up your claims
> >
>
> Read http://en.wikipedia.org/wiki/OpenID#Security_and_phishing .
> Please read references too. You ask for information, so read and
> understand all them.

The relevant part of the article seems to be this[1]:

Some observers have suggested that OpenID has security weaknesses and may prove vulnerable to phishing attacks.[54][55][56] For example, a malicious relying party may forward the end-user to a bogus identity provider authentication page asking that end-user to input their credentials. On completion of this, the malicious party (who in this case also control the bogus authentication page) could then have access to the end-user's account with the identity provider, and as such then use that end-user’s OpenID to log into other services.

This isn't OpenID specific. If a malicious website refers you to a special log in area you still lose your details.

[1] I won't have time to read the related references until next week.

> Do you know any bank which offer OpenID as authentication mechanism?
> Realize a good analysis please.

If you're referring to your bank metaphor when you say "Realize a good analysis please", no, I do not think this is good analysis.
kk

-- 
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group
