Server losing secrets?
Brad Fitzpatrick
brad at danga.com
Fri Jun 24 12:52:19 PDT 2005
On Fri, 24 Jun 2005, Carl Howells wrote:
> There needs to be a way to recover from something like that in the spec.
> Some system needs to exist where the server can tell the consumer that
> it didn't recognize the assoc_handle it received, and to get a new
> association and try again.
>
> How should that be specified?
Good find! Here's my vote:
-- if server doesn't remember that handle, you reply like you would in
dumb mode, where you simply pick your own handle. consumer will
then have to verify using dumb mode
-- server also includes in the id_res response the key:
openid.invalidate_handle=[unrecognized_one]
the consumer will actually invalidate that one once it verifies the
other handle's signature matches (with check_authentication mode) to
combat a third party from killing a consumer's cache just by sending
fake id_res responses
Cool?
More information about the yadis
mailing list