On 19-Nov-06, at 3:08 PM, Adam Nelson wrote:
Great start on the Wiki. Note that there are some efforts in IETF for
enhancing what can be done at the TLS layer for authentication which
would enable the same mechanism to be used not only for HTTP, but for
SMTP, POP3, IMAP ...
Hmm, that's
On 11/19/06, Dick Hardt [EMAIL PROTECTED] wrote:
By manipulating the return_to parameter, an attacked can impersonate
another user at an RP.
it's hard to do a careful reading of your message with mhy 2-year-old
playing piano in the background, but I don't think I understand your
attack.
I
So I'm working on cleaning up the terminology section with edits from
Drummond. On first read I had no idea what the difference between OP
Identifier and OP-Specific Identifier were. Now that my brain has
kicked in I do, but I have the feeling this is going to be really
confusing for others