security
Dan Lyke
danlyke at flutterby.com
Wed Oct 25 20:52:41 UTC 2006
On Wed, 25 Oct 2006 13:35:10 -0700, Pete Rowley wrote:
> Sure - but that doesn't make it a good solution. Introducing
> persistent key pairs at all requires the group to work on key
> management.
I just read through the OpenID 2.0 specification, and it looks like
the "association" addresses exactly this.
I also just sent an email to the security at openid.net list:
http://openid.net/pipermail/security/2006-October/000000.html
Which lays out my understanding of the current security situation in
OpenID 2.0. I will participate in future security discussions as they
pertain to OpenID 2.0 over there.
Dan
More information about the general
mailing list