Phishing attacks on OpenID

[Xageroth Sekarius]

Yes, I thought of that subtle difference too. What I meant to say was
that any method that could combat phishing elsewhere should be able to
be used here too. So instead of developing something unique and
creative for OpenID, I'd suggest looking elsewhere for effective means
as well. The bookmarks suggestion you made, is one.

I tend to think this is something identity hosts need to consider
individually. A spec recommendation wouldn't be undesirable tho.