Jeremy Katz katzj at
Thu May 29 14:46:16 UTC 2008

Jeffrey Tadlock wrote:
>> The phishing problem isn't unique to OpenID.
> No, it isn't unique to OpenID - but it is certainly an area we should
> take into account before implementing OpenID.
> With all of that said - I like the OpenID idea.  And we run other
> services that have potential exposure to security issues (ssh, just
> our normal FAS logins, etc) - but we do make efforts to protect those
> services to the best of our ability to reduce our risk.  

... and we should actually look at using our SSL certs more for 
authentication as opposed to requiring people to type their FAS password 
all over the place.  This is something I keep meaning to bring up but 
then having other stuff come up instead.

But that's neither here nor there wrt OpenID


More information about the Fedora-infrastructure-list mailing list