> I believe this additional step is for anti-phishing. It is for the site to > verify its authenticity to the user, not for the user to verify their > authenticity to the site.
FWIW, that is my understanding as well. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
