Hans,

Thanks for clarifying. You're right, there is a MITM vulnerability with Direct Verification, especially if the Direct Verification is done in the clear (i.e., no SSL/TLS transport).

However, the spec seems to indicate that if SSL/TLS is used, then Direct Verification is ok (Section 15.1.2, first line of 2nd paragraph). Do you agree? (I'm trying to figure out if Direct Verification is broken in general, or only if OpenId is done without SSL/TLS)

Thanks!
David

> -----Original Message-----
> From: Hans Granqvist [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 2:01 PM
>
> The main attack is when the OP sends "invalid" and Mallory changes
> that to "valid". The RP would then believe Alice has authenticated
> to OP, and thus let Mallory successfully impersonate Alice on the RP's
> system. (There is no feedback step to the OP, so the OP never sees
> this attack.)

_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
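The thread turns on one precondition: a direct verification (check_authentication) answer is only as trustworthy as the channel it arrived on, because nothing in the key-value response itself is signed. The following is an added illustration, not code from this thread or from any OpenID library, of how a relying party can make that precondition explicit in code: it parses the OP's key-value response and refuses to honour `is_valid:true` unless the OP endpoint was reached over HTTPS. The endpoint URLs, response bodies and function names are constructed for the example.

```python
"""Relying-party-side handling of an OpenID direct verification
(check_authentication) response.

Added example, not from the mailing-list thread or any OpenID implementation.
Endpoint URLs, response bodies and helper names are assumptions made here.
"""
from urllib.parse import urlsplit


def parse_kv_form(body: str) -> dict:
    """Parse the OpenID key-value form used by direct responses:
    one 'key:value' pair per line, each line terminated by a newline."""
    fields = {}
    for line in body.split("\n"):
        if not line:
            continue  # trailing newline or blank line
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed key-value line: {line!r}")
        fields[key] = value
    return fields


def accept_direct_verification(op_endpoint: str, response_body: str) -> bool:
    """Return True only when the OP answered 'is_valid:true' AND the answer
    was fetched from an https:// endpoint.

    The response carries no signature of its own, so over plain HTTP an
    on-path party could rewrite 'false' to 'true' (the attack described in
    the thread).  A plaintext answer is therefore never trusted, whatever it
    says; TLS with certificate validation is what gives the answer integrity.
    """
    if urlsplit(op_endpoint).scheme != "https":
        return False  # integrity of the answer cannot be assumed
    fields = parse_kv_form(response_body)
    # The spec defines is_valid as exactly "true" or "false";
    # anything else (missing, different case) is treated as not valid.
    return fields.get("is_valid") == "true"


if __name__ == "__main__":
    # Constructed sample responses, in the format an OP would return.
    ok = "ns:http://specs.openid.net/auth/2.0\nis_valid:true\n"
    bad = "ns:http://specs.openid.net/auth/2.0\nis_valid:false\n"
    print(accept_direct_verification("https://op.example/server", ok))   # True
    print(accept_direct_verification("https://op.example/server", bad))  # False
    print(accept_direct_verification("http://op.example/server", ok))    # False
```

The scheme check is only meaningful if the HTTP client that fetched the response actually validated the OP's certificate chain; this example assumes a client that does so by default (as Python's standard `urllib` does), so the `https` requirement and certificate validation together supply the integrity the plaintext key-value format lacks.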
