[security] security hole in signature algorithm
Josh Hoyt
josh at janrain.com
Mon Nov 20 21:21:02 UTC 2006
On 11/20/06, Dick Hardt <dick at sxip.com> wrote:
> Ah, there it is! Seriously, I looked through the document and did not
> find it, and when chatting with Recordon last week, I understood from
> him the same thing I was thinking. (I might have misunderstood him)
>
> Section 6.1 mislead me to think that it was the algorithm, as it
> talks about appending the key and value to the list. Perhaps a link
> to the KV algorithm there would be useful here?
maybe a reorganization that combines sections 6 and 7 and makes 7.2
more prominent?
Josh
More information about the security
mailing list