savannah-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] OpenID security? Is it a joke?


From: Davi Diaz
Subject: Re: [Savannah-users] OpenID security? Is it a joke?
Date: Sat, 1 Aug 2009 11:41:46 +0100
User-agent: KMail/1.9.9

Karl Goetz wrote:
> > Read http://en.wikipedia.org/wiki/OpenID#Security_and_phishing .
> > Please read references too. You ask for information, so read and
> > understand all them.

> [1] I won't have time to read the related references until next week.

The projects are not in a hurry.



> > Do you know any bank which offer OpenID as authentication mechanism?
> > Realize a good analysis please.
>
> If your referring to your bank metaphor when you say "Realize a good
> analysis please", no, I do not think this is good analysis.

I tried to show an evidence of OpenID being bad at security showing the fact 
that _any_ bank use OpenID to authenticate their users.  Banks take security 
seriously because there is money involved.

I used such example because I had no time to explain, that is to say repeat 
here again, its weakness, an because there is sources out there which you 
must use to do _your own_ analysis.


--
As usual I could be mistaken. Please let me know.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]