Server losing secrets?

Brad Fitzpatrick brad at danga.com
Fri Jun 24 12:52:19 PDT 2005


On Fri, 24 Jun 2005, Carl Howells wrote:

> There needs to be a way to recover from something like that in the spec.
>   Some system needs to exist where the server can tell the consumer that
> it didn't recognize the assoc_handle it received, and to get a new
> association and try again.
>
> How should that be specified?

Good find!  Here's my vote:

-- if server doesn't remember that handle, you reply like you would in
   dumb mode, where you simply pick your own handle.  consumer will
   then have to verify using dumb mode

-- server also includes in the id_res response the key:

      openid.invalidate_handle=[unrecognized_one]

   the consumer will actually invalidate that one once it verifies the
   other handle's signature matches (with check_authentication mode) to
   combat a third party from killing a consumer's cache just by sending
   fake id_res responses


Cool?



More information about the yadis mailing list