Jeffrey Tadlock wrote:
The phishing problem isn't unique to OpenID.
No, it isn't unique to OpenID - but it is certainly an area we should
take into account before implementing OpenID.
With all of that said - I like the OpenID idea. And we run other
services that have potential exposure to security issues (ssh, just
our normal FAS logins, etc) - but we do make efforts to protect those
services to the best of our ability to reduce our risk.
... and we should actually look at using our SSL certs more for
authentication as opposed to requiring people to type their FAS password
all over the place. This is something I keep meaning to bring up but
then having other stuff come up instead.
But that's neither here nor there wrt OpenID
Jeremy
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list