Comments on: OpenID 2.0 and Phishing http://kveton.com/blog/2007/01/21/openid-20-and-phishing/ I iz on site, mis spelin ur last naymz Sat, 17 May 2008 08:14:54 +0000 http://wordpress.org/?v=2.3.2 By: Steffen http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-26087 Steffen Tue, 22 May 2007 13:23:03 +0000 http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-26087 Patent issues are said to be resolved. There never was a definitive claim, the notification was never again mentioned by anyone since about 10 years. The TLS-integration of SRP is moving forward. Patent issues are said to be resolved. There never was a definitive claim, the notification was never again mentioned by anyone since about 10 years. The TLS-integration of SRP is moving forward.

]]> By: David Magda http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-13499 David Magda Mon, 12 Mar 2007 16:11:52 +0000 http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-13499 The issue with SRP is that there are patent issues involved. Standford has made their patents available, but there are others that may (or may not) overlap things, so that's why it's not taken off. The issue with SRP is that there are patent issues involved. Standford has made their patents available, but there are others that may (or may not) overlap things, so that’s why it’s not taken off.

]]> By: Stefan Karpinski http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-11056 Stefan Karpinski Wed, 21 Feb 2007 23:04:26 +0000 http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-11056 Your link to the SRP project at Stanford is broken. The correct link is http://srp.stanford.edu/. This is an amazing remote password protocol, which has nearly ideal security properties. It should definitely be included in the OpenID standard. No, I have nothing to do with it, I just read the spec and found it to be an astonishingly brilliant protocol. [stefan] Your link to the SRP project at Stanford is broken. The correct link is http://srp.stanford.edu/. This is an amazing remote password protocol, which has nearly ideal security properties. It should definitely be included in the OpenID standard. No, I have nothing to do with it, I just read the spec and found it to be an astonishingly brilliant protocol.

[stefan]

]]> By: kveton http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-6749 kveton Mon, 22 Jan 2007 03:01:32 +0000 http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-6749 Hi Ian, I'm loving the discussion happening on the general list ... we're looking to implement a lot of suggestions already made there. As far as implementing InfoCard on MyOpenID we're going to take a hard look. I've got a post on working on about this specifically that I'll try to get out tomorrow. We're just not seeing any demand for InfoCard today. Not one user has asked for InfoCard support and nearly 60% of our visitors use Firefox as their browser. I'm much more interested in the discussions happening with Mozilla on creating platform and provider independent tools built into Firefox for giving users better control of their digital identities. More to come soon, thanks for the question ... :-) Hi Ian,

I’m loving the discussion happening on the general list … we’re looking to implement a lot of suggestions already made there.

As far as implementing InfoCard on MyOpenID we’re going to take a hard look. I’ve got a post on working on about this specifically that I’ll try to get out tomorrow.

We’re just not seeing any demand for InfoCard today. Not one user has asked for InfoCard support and nearly 60% of our visitors use Firefox as their browser.

I’m much more interested in the discussions happening with Mozilla on creating platform and provider independent tools built into Firefox for giving users better control of their digital identities.

More to come soon, thanks for the question … :-)

]]> By: http://iansorbello.pip.verisignlabs.com/ http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-6745 http://iansorbello.pip.verisignlabs.com/ Mon, 22 Jan 2007 02:27:03 +0000 http://kveton.com/blog/2007/01/21/openid-20-and-phishing/#comment-6745 Scott, You've linked to Kim Cameron's Integrating OpenID and Infocard in this post. When you look at how simple it could be for an OP to integrate with InfoCard (and understand the benefits), it sounds like a great synergy to me... What are your thoughts on this? Does JanRain have any plans to perhaps go down this path, i.e. supporting infocard logins @ myopenid? Ian. Scott,

You’ve linked to Kim Cameron’s Integrating OpenID and Infocard in this post.

When you look at how simple it could be for an OP to integrate with InfoCard (and understand the benefits), it sounds like a great synergy to me… What are your thoughts on this? Does JanRain have any plans to perhaps go down this path, i.e. supporting infocard logins @ myopenid?

Ian.

]]>