[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] OpenID security? Is it a joke?
From: |
Davi Diaz |
Subject: |
Re: [Savannah-users] OpenID security? Is it a joke? |
Date: |
Sat, 1 Aug 2009 11:41:46 +0100 |
User-agent: |
KMail/1.9.9 |
Karl Goetz wrote:
> > Read http://en.wikipedia.org/wiki/OpenID#Security_and_phishing .
> > Please read references too. You ask for information, so read and
> > understand all them.
> [1] I won't have time to read the related references until next week.
The projects are not in a hurry.
> > Do you know any bank which offer OpenID as authentication mechanism?
> > Realize a good analysis please.
>
> If your referring to your bank metaphor when you say "Realize a good
> analysis please", no, I do not think this is good analysis.
I tried to show an evidence of OpenID being bad at security showing the fact
that _any_ bank use OpenID to authenticate their users. Banks take security
seriously because there is money involved.
I used such example because I had no time to explain, that is to say repeat
here again, its weakness, an because there is sources out there which you
must use to do _your own_ analysis.
--
As usual I could be mistaken. Please let me know.