Claus Färber wrote:
Hehe...I like this one...good thought! Which means that any IDP must implement better authentication procedures in order to prevent phishing attacks, such as two-factor authentication or other improved authentication procedures! This would make a password harvested by a rogue site pretty useless...

Both of you are still missing the point: Using HTTPS does not help if the rogue RP redirects to a MITM phishing site which has a valid SSL/TLS certificate.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
