OpenID: R.I.P.?

Questo advisory è abbastanza serio.

Sun aggiunge:

Security Issues

OpenID is an untrusted protocol. Sun has no liability for what happens to any information you ive to a third-party web site using this service. Most OpenID-enabled sites are genuine but some may be phishers or other rogues. Sun currently has no way of distinguishing the good sites from the bad. Do not use the OpenID@Work service for any high-value, critical, or Sun proprietary information.

Pare che la combinazione DNS+DebianSSL sia stata davvero esplosiva, unita al fatto che OpenID non obbligherebbe l’uso di CRL (Certificate Revocation Lists). R.I.P?

-quack