Why OpenID will never work

Aug 18, 2007 18:01

(see http://openid.net -- it's like MS Passport, without the evil centralized system, but WITH all the security bugs -- read on)

Because for a security protocol, it looks like they have never heard of basic security practices:

1. Phishing: the signing-in site REDIRECTS you to the OpenID authority. If you are not logged in on the provider, you have to enter your user name and password. A signing-in site that redirects you to "www.livejornal.com" instead of the real provider has an easy way to steal your password.

2. Diffie-Hellman is vulnerable to man-in-the-middle attacks because the exchange by itself does not authenticate either side, so an attacker can get in between the service provider and the OpenID authority.
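To make point 2 concrete, here is an added example (not from the original post, and not OpenID code) that simulates a key agreement between a service provider and an authority, first bare and then with the public values authenticated. The group parameters are toy values, and `auth_key` is an assumed stand-in for whatever authenticates the endpoints in practice, such as a TLS certificate or a signature.

```python
import hashlib, hmac, secrets

# Toy parameters for illustration only (assumed, not OpenID's real group).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    # Derive a session key from the Diffie-Hellman shared value.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def tag(auth_key, pub):
    # Authenticates a public value; stands in for a signature or TLS.
    return hmac.new(auth_key, str(pub).encode(), hashlib.sha256).digest()

def run(interposed, auth_key=None):
    """Simulate service provider <-> authority key agreement in-process.

    Returns (provider_side_key, authority_side_key, detected).
    """
    c_priv, c_pub = keypair()          # service provider (consumer)
    a_priv, a_pub = keypair()          # OpenID authority
    c_msg = (c_pub, tag(auth_key, c_pub) if auth_key else None)
    a_msg = (a_pub, tag(auth_key, a_pub) if auth_key else None)
    if interposed:
        # A party on the path replaces both public values with its own.
        # It cannot recompute the tags because it does not hold auth_key.
        _, m_pub = keypair()
        c_msg = (m_pub, c_msg[1])
        a_msg = (m_pub, a_msg[1])
    if auth_key:
        for pub, t in (c_msg, a_msg):
            if not hmac.compare_digest(t, tag(auth_key, pub)):
                return None, None, True   # substitution detected, abort
    # Without authentication both sides finish "successfully" either way.
    return shared(c_priv, a_msg[0]), shared(a_priv, c_msg[0]), False

if __name__ == "__main__":
    print("bare, clean path:     ", run(False)[2])
    print("bare, interposed:     ", run(True)[2])
    print("authenticated, interposed:", run(True, b"constructed-demo-key")[2])
```

In the bare interposed run neither endpoint sees an error, yet the two derived keys differ, because each side has actually agreed a key with the party in the middle.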

Better luck next time, boys!