Hi,
A quick comment:
"... End User does not provide shared secrets to a party potentially
under the control of the Relying Party ... "
So if the secret gets provided to any third party - so long as it's
not a party under control of the RP - it's *not* phishing ?
I think what everyone's trying to say is that "Phishing-Resistant"
means "End Users can't be tricked into giving things to the wrong
place"... is all the jargon/terminology/verbosity really necessary in
the definition?
Kind Regards,
Chris Drake
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
