On Thu, 29 May 2008, Jeremy Katz wrote: > Jeffrey Tadlock wrote: > > > The phishing problem isn't unique to OpenID. > > > > No, it isn't unique to OpenID - but it is certainly an area we should > > take into account before implementing OpenID. > > > > With all of that said - I like the OpenID idea. And we run other > > services that have potential exposure to security issues (ssh, just > > our normal FAS logins, etc) - but we do make efforts to protect those > > services to the best of our ability to reduce our risk. > > ... and we should actually look at using our SSL certs more for authentication > as opposed to requiring people to type their FAS password all over the place. > This is something I keep meaning to bring up but then having other stuff come > up instead. > Actually we have some SSL auth in place already though I'm not totally sure the status of it. We haven't officially announced it I know that :) ricky? toshio? any comments? -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
