[security] 2 possible flaws
Johannes Berg
johannes at sipsolutions.net
Wed Apr 18 09:48:36 UTC 2007
Hi Gareth,
> I have been thinking about 2 possible flaws with OpenID providers,
> I haven't had time to test any of them however because I've started
> work on another project.
>
> Now they might not even exist or they could possibly create huge
> flaws in every provider worst case. I would like someone to test my
> theories and see if the holes are possible to exploit.
>
> What do you think is the best policy here? Do you think it is safe
> for me to publicly discuss this?
I'm still in the process of implementing an OP and would really like to
know about any security problems before roll-out. Maybe we should
assemble a list of currently active OPs so you can notify them maybe a
week days in advance and then publicly discuss?
johannes