[openid-specs-rande] Route of denial of service in OIDC Federation?

Roland Hedberg roland at catalogix.se
Wed Sep 25 06:47:52 UTC 2019


It seems we have reasons to schedule at least one session at IIW.

> On 25 Sep 2019, at 07:18, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> Will you be at IIW next week?  It would be great to talk about this there.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: openid-specs-rande <openid-specs-rande-bounces at lists.openid.net> On Behalf Of Nick Roy
> Sent: Tuesday, September 24, 2019 2:43 PM
> To: openid-specs-rande at lists.openid.net
> Subject: [openid-specs-rande] Route of denial of service in OIDC Federation?
> 
> Is it possible for a malicious party to generate an arbitrarily long trust chain that an OpenID Connect Federation implementation spends a lot of time verifying? Would making authority_hints mandatory circumvent this? See also: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
> 
> Nick

— Roland
Scratch a pessimist and you find often a defender of privilege. -William Beveridge, economist and reformer (5 Mar 1879-1963) 
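
Added example, not part of this thread and not code from the OpenID Connect Federation specification or any implementation: a verifier that follows authority_hints upward under a depth cap and a fetch budget, so the work per leaf stays bounded however long a chain the other side offers. The limits, entity identifiers and statements are constructed assumptions, and signature verification is left out.

```python
# Added example. Entity IDs and statements are constructed; signature
# verification of each statement is deliberately left out.
MAX_DEPTH = 5     # assumed policy: most entities allowed in one chain
MAX_FETCHES = 20  # assumed policy: statements fetched per resolution

class ChainLimitExceeded(Exception):
    """Raised when resolving one leaf would cost more than the fetch budget."""

def resolve_chains(leaf, fetch, trust_anchors,
                   max_depth=MAX_DEPTH, max_fetches=MAX_FETCHES):
    """Follow authority_hints upward from leaf.

    Returns (chains, fetches): every path that reaches a trust anchor within
    max_depth entities, and how many statements were fetched to find them.
    """
    chains, fetches = [], 0
    stack = [(leaf, (leaf,))]
    while stack:
        entity, path = stack.pop()
        if entity in trust_anchors:
            chains.append(list(path))
            continue
        if len(path) >= max_depth:
            continue  # any extension would exceed the cap: drop the branch
        if fetches >= max_fetches:
            raise ChainLimitExceeded(f"gave up on {leaf} after {fetches} fetches")
        fetches += 1
        statement = fetch(entity)
        for superior in statement.get("authority_hints", []):
            if superior not in path:  # ignore hints that loop back
                stack.append((superior, path + (superior,)))
    return chains, fetches

def constructed_fetch(entity):
    """Stand-in for fetching an entity statement over HTTPS (constructed data)."""
    honest = {
        "https://rp.example": {"authority_hints": ["https://inter.example"]},
        "https://inter.example": {"authority_hints": ["https://anchor.example"]},
    }
    if entity in honest:
        return honest[entity]
    # Hostile side: each statement names a fresh superior, so the chain never ends.
    prefix, _, n = entity.rpartition("/")
    return {"authority_hints": [f"{prefix}/{int(n) + 1}"]}
```

The depth cap stops a single endless chain; the fetch budget covers statements that list many superiors at once.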
