Server losing secrets?
paul at ciphergoth.org
Sat Jun 25 14:31:55 PDT 2005
Brad Fitzpatrick wrote:
>>and the server already knows what handles it can accept.
Given a handle, the server can figure out whether it's able to produce
the associated secret.
> So you're saying: "Who cares if it's in the 'signed' group, since we're
> doing an actual POST to the id server anyway... The id server can just
> include it in its response, so we know it didn't come from a casual
> attacker just trying to empty our cache."
\/ o\ Paul Crowley, paul at ciphergoth.org