On 9/28/05, Steven J. Murdoch <yadis+Steven.Murdoch at cl.cam.ac.uk> wrote: > OpenID does not > appear to be designed to protect against these sorts of attacks, > although I think an explicit statement of the threat model would be > useful. I think this is the crux of most of these security-related questions.