brad at danga.com
Sat May 21 00:07:21 PDT 2005
On Fri, 20 May 2005, Karl Koscher wrote:
> Brad Fitzpatrick wrote:
> >Nonce support has been added to the protocol. Optional for consumers to
> >send. Required for identity servers to echo back and sign.
> Erm, is this really necessary? Can't a consumer just include something
> like that in their return URL, that in turn is part of the message
> hashed by the identity server?
You're totally right. Good catch. Now removed from specs.
More information about the yadis