On Tue, Dec 15, 2009 at 9:58 AM, Chris Obdam <[email protected]> wrote:
>> It's a good opportunity to look at what attack vectors this
>> has enabled in the real world before throwing the usability baby out
>> with the security bathwater.
> And for not throwing the usability baby out I gave a +1 to John ;-)
>
I am also in favor of saving the baby. I don't buy the CSS history stealing argument, that's all.

CSS history stealing is essentially a cross-domain cookie API without a user opt-out option. So I wonder how long before browsers turn off this 'feature'.
