On Thu, 29 May 2008, Jeremy Katz wrote:
> Jeffrey Tadlock wrote:
> > > The phishing problem isn't unique to OpenID.
> >
> > No, it isn't unique to OpenID - but it is certainly an area we should
> > take into account before implementing OpenID.
> >
> > With all of that said - I like the OpenID idea. And we run other
> > services that have potential exposure to security issues (ssh, just
> > our normal FAS logins, etc) - but we do make efforts to protect those
> > services to the best of our ability to reduce our risk.
>
> ... and we should actually look at using our SSL certs more for authentication
> as opposed to requiring people to type their FAS password all over the place.
> This is something I keep meaning to bring up but then having other stuff come
> up instead.
>
Actually we have some SSL auth in place already though I'm not totally
sure the status of it. We haven't officially announced it I know that :)
ricky? toshio? any comments?
-Mike
_______________________________________________
Fedora-infrastructure-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
