Jeffrey Ollie jeff at
Thu May 29 13:17:08 UTC 2008

On Thu, May 29, 2008 at 8:03 AM, Kostas Georgiou
<k.georgiou at> wrote:
> A possible solution to the phishing issue might be to only allow ssl
> client auth and not a login/password for
> this doesn't stop the phishing site asking for a password but the
> difference might be enough for the user to notice that something is
> wrong.

The phishing problem isn't unique to OpenID.

> I am not sure that I see any value in OpenID in any case, there are very
> few OpenID consumers that I know about.

While OpenID is definitely an emerging technology, there are a lot of
places where OpenID can be used to authenticate.  Here are a couple of
sites that have directories of OpenID-enabled sites:


More information about the Fedora-infrastructure-list mailing list