Mike McGrath mmcgrath at
Thu May 29 15:02:58 UTC 2008

On Thu, 29 May 2008, Jeremy Katz wrote:

> Jeffrey Tadlock wrote:
> > > The phishing problem isn't unique to OpenID.
> >
> > No, it isn't unique to OpenID - but it is certainly an area we should
> > take into account before implementing OpenID.
> >
> > With all of that said - I like the OpenID idea.  And we run other
> > services that have potential exposure to security issues (ssh, just
> > our normal FAS logins, etc) - but we do make efforts to protect those
> > services to the best of our ability to reduce our risk.
> ... and we should actually look at using our SSL certs more for authentication
> as opposed to requiring people to type their FAS password all over the place.
> This is something I keep meaning to bring up but then having other stuff come
> up instead.

Actually we have some SSL auth in place already though I'm not totally
sure the status of it.  We haven't officially announced it I know that :)

ricky?  toshio?  any comments?


More information about the Fedora-infrastructure-list mailing list