know OpenID VERY well?

From: Jonathan V.
Sent on: Monday, June 2, 2008 4:47 PM
A few years ago I thought I spotted a security vulnerability in the  
design of the protocol.  I've never had time to properly inspect.

This is definitely an 'edge case' and caused by the implementation of  
OpenID, not a flaw in the protocol.

If you know the protocol very well and have an open mind, please be  
in touch ( Most people who know OpenID are evangelists and outright  
dismiss any criticism )

  if I'm right about this, we can author the paper + test case  
together.   If I'm wrong about this, at least my nerves can be put at  
rest.




// Jonathan Vanasco

w. http://findmeon.c...­
e. [address removed]

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - -
| Founder/CEO
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Privacy Minded Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - -

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy