[openid-specs-rande] Route of denial of service in OIDC Federation?

Mike Jones Michael.Jones at microsoft.com
Wed Sep 25 05:18:57 UTC 2019


Will you be at IIW next week?  It would be great to talk about this there.

				-- Mike

-----Original Message-----
From: openid-specs-rande <openid-specs-rande-bounces at lists.openid.net> On Behalf Of Nick Roy
Sent: Tuesday, September 24, 2019 2:43 PM
To: openid-specs-rande at lists.openid.net
Subject: [openid-specs-rande] Route of denial of service in OIDC Federation?

Is it possible for a malicious party to generate an arbitrarily long trust chain that an OpenID Connect Federation implementation spends a lot of time verifying? Would making authority_hints mandatory circumvent this? See also: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Nick

