Server losing secrets?

Carl Howells chowells at
Fri Jun 24 14:39:14 PDT 2005

Brad Fitzpatrick wrote:
> Good find!  Here's my vote:
> -- if server doesn't remember that handle, you reply like you would in
>    dumb mode, where you simply pick your own handle.  consumer will
>    then have to verify using dumb mode
> -- server also includes in the id_res response the key:
>       openid.invalidate_handle=[unrecognized_one]
>    the consumer will actually invalidate that one once it verifies the
>    other handle's signature matches (with check_authentication mode) to
>    combat a third party from killing a consumer's cache just by sending
>    fake id_res responses
> Cool?

I think that would work fine.  Just remember that 'invalidate_handle' 
would need to be in the openid.signed list in that case, too.  (And be 
part of the signature, obviously.)


More information about the yadis mailing list