Once more, LJ valid_to timespan.
Paul Crowley
paul at ciphergoth.org
Fri Jul 1 13:47:11 PDT 2005
Carl Howells wrote:
> Well, the valid_to field was introduce as a result of this message:
> <http://lists.danga.com/pipermail/yadis/2005-June/000480.html>
>
> In that email, Paul pointed out all the components of the protocol
> should have explicit expiration times set. Most of it was devoted to
> talking about (what became) the hmac secret, but he did mention that all
> identity tokens provided should have explicit expirations as well.
I completely agree with everything you say here! Thanks for putting it
so eloquently - I've got a barely-started draft message on the subject
saved because I couldn't work out how to express it.
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
More information about the yadis
mailing list