On Thu, May 29, 2008 at 8:03 AM, Kostas Georgiou
<k.georgiou(a)imperial.ac.uk> wrote:
A possible solution to the phishing issue might be to only allow ssl
client auth and not a login/password for
a.fp.org/accounts/openid/login
this doesn't stop the phishing site asking for a password but the
difference might be enough for the user to notice that something is
wrong.
The phishing problem isn't unique to OpenID.
I am not sure that I see any value in OpenID in any case, there are
very
few OpenID consumers that I know about.
While OpenID is definitely an emerging technology, there are a lot of
places where OpenID can be used to authenticate. Here are a couple of
sites that have directories of OpenID-enabled sites:
https://www.myopenid.com/directory
http://openiddirectory.com/
Jeff