I think I messed up the double negative above: I meant everything except
explicit APIs with support SLAs is liable to change.

As a cheaper (but less geek-friendly) solution, couldn't Relying Parties have JS to read the "image" data *and* (before loading/running it) instruct the user's browser to hash it, to see if it matches the "clean" value a RP had generated/stored/displayed for it after confirming that it was safe? If not, the browser could be instructed to (alternatively) display a generic "this user has a new icon that has not yet been checked" profile image instead.

-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
