Server losing secrets?

Paul Crowley paul at
Sat Jun 25 14:31:55 PDT 2005

Brad Fitzpatrick wrote:
>>and the server already knows what handles it can accept.
> What?

Given a handle, the server can figure out whether it's able to produce 
the associated secret.

> So you're saying:  "Who cares if it's in the 'signed' group, since we're
> doing an actual POST to the id server anyway...  The id server can just
> include it in its response, so we know it didn't come from a casual
> attacker just trying to empty our cache."

\/ o\ Paul Crowley, paul at
