SitG Admin wrote:
Let's combine this with checkid_immediate: who needs the OP to say anything? Just query it again and again until you've narrowed down the user's last login to whatever degree of precision you wanted.
Limit the number of max auth ages that can be specified by any one RP within a reasonable period.
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
