[openid-specs-rande] Route of denial of service in OIDC Federation?
Nick Roy
nroy at internet2.edu
Tue Sep 24 21:43:22 UTC 2019
Is it possible for a malicious party to generate an arbitrarily long trust chain that an OpenID Connect Federation implementation spends a lot of time verifying? Would making authority_hints mandatory circumvent this? See also: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
Nick
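One way an implementation can bound the work the question describes, as an added example that is not part of the original message or of any OpenID Connect Federation implementation: candidate chains are collected breadth-first from authority_hints under a depth limit and a fetch budget, and signature verification would run only on chains that reach a locally configured trust anchor. The entity IDs, the two limits and the in-memory statement store are constructed assumptions.

```python
from collections import deque

TRUST_ANCHORS = {"https://anchor.example"}  # constructed; locally configured anchors
MAX_DEPTH = 4     # assumed local policy: longest path (in entities) still followed
MAX_FETCHES = 20  # assumed local policy: statement fetches allowed per resolution

def build_statements():
    """Constructed sample data: entity ID -> unverified entity statement claims."""
    stmts = {
        "https://rp.example": {"authority_hints": ["https://inter.example",
                                                   "https://evil-0.example"]},
        "https://inter.example": {"authority_hints": ["https://anchor.example"]},
    }
    # Hostile branch: 1000 entities, each naming the next as its superior.
    for i in range(1000):
        stmts[f"https://evil-{i}.example"] = {
            "authority_hints": [f"https://evil-{i + 1}.example"]}
    return stmts

def collect_chains(leaf, stmts, anchors=TRUST_ANCHORS,
                   max_depth=MAX_DEPTH, max_fetches=MAX_FETCHES):
    """Return (chains, fetches); chains are leaf-to-anchor paths to verify later."""
    chains, fetches = [], 0
    queue = deque([(leaf, (leaf,))])
    while queue:
        entity, path = queue.popleft()   # breadth-first: short chains come first
        if entity in anchors:
            chains.append(list(path))    # only these go on to signature checks
            continue
        if len(path) > max_depth or fetches >= max_fetches:
            continue                     # limit reached: abandon this branch
        fetches += 1                     # stands in for one HTTPS fetch
        stmt = stmts.get(entity)
        if stmt is None:
            continue
        for superior in stmt.get("authority_hints", []):
            if superior not in path:     # cycle guard
                queue.append((superior, path + (superior,)))
    return chains, fetches

if __name__ == "__main__":
    s = build_statements()
    print(collect_chains("https://rp.example", s))
    print(collect_chains("https://rp.example", s, max_depth=5000, max_fetches=5000))
```

With the default limits the hostile branch costs three fetches before it is abandoned; with both limits raised to 5000 the same lookup walks the entire branch.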