<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal"><p dir="auto">Yep - I will be at both the OpenID Foundation workshop and IIW, would love to chat. Also I just read this:</p>
<p dir="auto">7.1</p>
<p dir="auto">"The Consumer should never attempt to fetch entity statements it already has fetched during this process (loop prevention)."</p>
<p dir="auto">That works, should probably be in the test suite.</p>
<p dir="auto">Best,</p>
<p dir="auto">Nick</p>
<p dir="auto">On 25 Sep 2019, at 0:47, Roland Hedberg wrote:</p>
</div>
<blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px"><div id="3A303576-C838-4D69-B39C-01584C75BE18"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">It seems we have reasons to schedule at least one session at IIW.<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 25 Sep 2019, at 07:18, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" class="">Michael.Jones@microsoft.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Will you be at IIW next week? It would be great to talk about this there.<br class=""><br class=""><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span>-- Mike<br class=""><br class="">-----Original Message-----<br class="">From: openid-specs-rande <<a href="mailto:openid-specs-rande-bounces@lists.openid.net" class="">openid-specs-rande-bounces@lists.openid.net</a>> On Behalf Of Nick Roy<br class="">Sent: Tuesday, September 24, 2019 2:43 PM<br class="">To: <a href="mailto:openid-specs-rande@lists.openid.net" class="">openid-specs-rande@lists.openid.net</a><br class="">Subject: [openid-specs-rande] Route of denial of service in OIDC Federation?<br class=""><br class="">Is it possible for a malicious party to generate an arbitrarily long trust chain that an OpenID Connect Federation implementation spends a lot of time verifying? Would making authority_hints mandatory circumvent this? See also: <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Frjhansen%2F67ab921ffb4084c865b3618d6955275f&data=02%7C01%7CMichael.Jones%40microsoft.com%7C249ec521a0044788414a08d7413ceb16%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637049602211416829&sdata=qi5oAcUzpbKptyXrNOLxWd737ETCY7V50FSB2rwRb0w%3D&reserved=0" class="">https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Frjhansen%2F67ab921ffb4084c865b3618d6955275f&data=02%7C01%7CMichael.Jones%40microsoft.com%7C249ec521a0044788414a08d7413ceb16%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637049602211416829&sdata=qi5oAcUzpbKptyXrNOLxWd737ETCY7V50FSB2rwRb0w%3D&reserved=0</a><br class=""><br class="">Nick<br class=""></div></div></blockquote></div><br class=""><div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">— Roland</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Scratch a pessimist and you find often a defender of privilege. -William Beveridge, economist and reformer (5 Mar 1879-1963) </div>
</div>
<br class=""></div></div></blockquote>
<div style="white-space:normal"><blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px">
</blockquote></div>
</div>
</body>
</html>