scott at janrain.com
Wed Mar 21 13:25:24 PDT 2007
> If it's a protocol issue there are several providers that
> can be hurt, so pls exercise restraint in disclosing before
> other providers apart from MyOpenID have a chance to act!
That's a great point, Hans, we'll exercise restraint as well if that's the
> Best would be some timeline to get concerned implementations
> chance to contact you and ask if their provider is vulnerable
> (like I did in a separate email) and then give some time for
> these parties to patch?
Excellent idea. This seems like a great wiki topic "How to report a
>> -----Original Message-----
>> From: security-bounces at openid.net
>> [mailto:security-bounces at openid.net] On Behalf Of gaz_sec at hushmail.com
>> Sent: Wednesday, March 21, 2007 12:15 PM
>> To: security at openid.net
>> Subject: Re: [security] MyOpenID
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> No, in my opinion the provider is following the correct
>> implementation of OpenID so I think it is a problem with
>> OpenID itself. It can be easily solved but provides
>> inconvenience to the user of the OpenID service. I shall
>> email the flaw once the provider has got back to me with a fix.
>> On Wed, 21 Mar 2007 18:55:21 +0000 "Paul C. Bryan"
>> <email at pbryan.net> wrote:
>>> On Wed, 2007-03-21 at 18:51 +0000, gaz_sec at hushmail.com wrote:
>>>> I do have a working example that works in 1 browser at the
>>> moment but
>>>> I can't send it because it is currently being fixed by MyOpenID.
>>>> I find out it has been fixed I shall send the example to the
>>> Presumably, then, this second case is a bug in a provider
>>> implementation, not the protocol.
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at
>> Version: Hush 2.5
>> -----END PGP SIGNATURE-----