Note that all of these except the last are about how to use this for useful purposes or just playing around;
Note? I put them in that order deliberately! The questions on this thread were about how widespread this exploit is "in the wild", and, as you can see, there are plenty of reasons for *good-intentioned* developers to practice it.
the last one is a theoretical note that says "this may be useful for phishing" but doesn't give a specific attack
You can find working implementations in the first set of links. That they double as attack vectors, despite being utilized for a benevolent purpose, wasn't something I saw any need to explain.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
