[OpenID] review of text for validating unsolicited assertions, given an openid2 request about identity=localid
Peter Williams
pwilliams at rapattoni.com
Tue Nov 11 13:47:50 UTC 2008
15.1.1. Eavesdropping Attacks
This section should be renamed 15.1.1. Reuse of Assertions
The section discusses 2 topics: eavesdropping, replay on the wire of an assertion to a given RP.
The use of the term eavesdropping (a passive attack) is somewhat inappropriate: since the description is all about an active deletion and insertion attack, following early intercept.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Peter Williams
Sent: Tuesday, November 11, 2008 5:17 AM
Cc: OpenID List
Subject: OpenID] review of text for validating unsolicited assertions, given an openid2 request about identity=localid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081111/d4b03c9c/attachment-0002.htm>
More information about the general
mailing list