On 10/19/06, Josh Hoyt <[EMAIL PROTECTED]> wrote:
> when she has control

Sorry that I didn't put this all in one message, but:

I think it's worthwhile to be aware of what might happen in scenarios where your identifier has been stolen, but it should not have much bearing on which proposal gets accepted, since the attacker will have been able to inflict much greater harm elsewhere.

I doubt that the protocol can offer much protection if someone actually gets control of your identifier. For instance, some RPs will offer a way to transition an account from one identifier to another (for e.g. domain names expiring). The attacker can just transition those accounts to an identifier of hers.

Josh
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs