@Mickael Wojcik
Thanks for taking the time to answer, but you misunderstood my post. I (mostly) know how Cardspace works, and it's -mostly- how OpenID works too. My point was, once you're MITMed, especially at the DNS level, they both are useless. And SSL/TLS also is. Basically, all your data transits through a hostile system which pretends to be you for the outer world, and pretends to be the outer world to you. There is no way you can prevent it from seeing your data flux. Then it's just a matter of replicating parts of this flux when the victim disconnects (or to prevent the disconnection) and you're good to go. Both systems are equally vulnerable to a DNS attack. Of course the attacker can't see the info you registered with OpenID or Cardspace, but why would they need that? All your -online- life is belongs to them already!
I stick to my guns: mentioning DNS vulnerabilities here was pure marketing spin.