Once more, LJ valid_to timespan.
paul at ciphergoth.org
Fri Jul 1 13:47:11 PDT 2005
Carl Howells wrote:
> Well, the valid_to field was introduce as a result of this message:
> In that email, Paul pointed out all the components of the protocol
> should have explicit expiration times set. Most of it was devoted to
> talking about (what became) the hmac secret, but he did mention that all
> identity tokens provided should have explicit expirations as well.
I completely agree with everything you say here! Thanks for putting it
so eloquently - I've got a barely-started draft message on the subject
saved because I couldn't work out how to express it.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis