paul at ciphergoth.org
Sun Jun 5 14:53:39 PDT 2005
> How about this:
This has to be an implicit part of what is signed, or as I said, an
attacker could substitute one from the other by mis-reporting what
fields the server asserted are present. So the token contents becomes
That's fine, and much simpler. Cool.
I prefer newline termination to newline separation here, BTW. Not a
cryptographic thing of course, just a matter of taste.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis