Re: [Savannah-users] OpenID security? Is it a joke?

savannah-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] OpenID security? Is it a joke?

From:	Davi Leal
Subject:	Re: [Savannah-users] OpenID security? Is it a joke?
Date:	Sat, 1 Aug 2009 11:49:17 +0100
User-agent:	KMail/1.9.9

Karl Goetz wrote:
> > Read http://en.wikipedia.org/wiki/OpenID#Security_and_phishing .
> > Please read references too. You ask for information, so read and
> > understand all them.

> [1] I won't have time to read the related references until next week.

The projects are not in a hurry.

> > Do you know any bank which offer OpenID as authentication mechanism?
> > Realize a good analysis please.
>
> If your referring to your bank metaphor when you say "Realize a good
> analysis please", no, I do not think this is good analysis.

I tried to show an evidence of OpenID being bad at security showing the fact 
that _any_ bank use OpenID to authenticate their users.  Banks take security 
seriously because there is money involved.

I used such example because I had no time to explain, that is to say repeat 
here again, its weakness, an because there is sources out there which you 
must use to do _your own_ analysis.

--
As usual I could be mistaken. Please let me know.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Savannah-users] OpenID security? Is it a joke?, Karl Goetz, 2009/08/01
- Re: [Savannah-users] OpenID security? Is it a joke?, Davi Leal <=
- Re: [Savannah-users] OpenID security? Is it a joke?, Davi Diaz, 2009/08/01

Prev by Date: Re: [Savannah-users] OpenID security? Is it a joke?
Next by Date: Re: [Savannah-users] OpenID security?
Previous by thread: Re: [Savannah-users] OpenID security? Is it a joke?
Next by thread: Re: [Savannah-users] OpenID security? Is it a joke?
Index(es):
- Date
- Thread