On 3/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I don't know what the position is on disclosure so I thought I > would just describe what is possible on the MyOpenID site and see > if the problem has been encountered before.
Just for the record, we (JanRain) prefer to get contacted before a potential vulnerability has been publicly discussed. We're happy to work with anyone who has found a vulnerability in the OpenID protocols, the JanRain OpenID libraries, or any of our OpenID-using products. Josh _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
