Super all-comprehensive specs/overview page (fwd)

Paul Crowley paul at
Mon Jun 27 08:35:18 PDT 2005

Brad Fitzpatrick wrote:
> On Mon, 27 Jun 2005, Paul Crowley wrote:
>>The advantage of doing it this way is that the consumer makes fewer GET
> That's a big advantage!


> Sorry -- explain to me the problem you see?  (or not, if you feel it's not
> a big deal...?)

A careless consumer might cache the information that "the OpenID server 
for is" after reading 
"".  That allows to poison the cache.  To avoid 
these attacks, what the consumer has to record becomes more complex.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list