Phishing attacks on OpenID

Xageroth Sekarius xageroth at gmail.com
Wed Jun 1 18:53:30 PDT 2005


Yes, I thought of that subtle difference too. What I meant to say was
that any method that could combat phishing elsewhere should be able to
be used here too. So instead of developing something unique and
creative for OpenID, I'd suggest looking elsewhere for effective means
as well. The bookmarks suggestion you made, is one.

I tend to think this is something identity hosts need to consider
individually. A spec recommendation wouldn't be undesirable tho.


More information about the yadis mailing list