[Psi-devel] Fixes to XEP-0070 implementation
Maciek Niedzielski
machekku at uaznia.net
Tue Dec 5 13:31:50 PST 2006
Remko Tronçon wrote:
>>> 1) allow empty transaction id (as discussed with Remko)
>> This is prompted by my current OpenID implementation (which I need to
>> rework to fix). After the chat with Remko, I realise that transaction
>> id is critical for security purposes. It should be extremely visible
>> to the user in the confirmation window, and the user should be
>> prompted to double check that it matches what they typed into the
>> browser window.
>
> This is why the transaction-id is obligatory. However, an empty
> transaction id is a transaction id as well (albeit a bad one), just
> like an empty PGP passphrase is a valid passphrase.
We could display a warning and advise using a transaction id.
--
Maciek
xmpp:machekku at uaznia.net
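
The behaviour discussed in this thread, as an added example (not part of the original message and not Psi's code): a client treats an empty transaction id as valid, always shows the id in the confirmation prompt, and attaches a warning when it is empty. The function name, prompt wording and sample stanzas are constructed for illustration; only the `<confirm/>` element, its namespace and its `id`, `method` and `url` attributes come from XEP-0070.

```python
import xml.etree.ElementTree as ET

NS = "{http://jabber.org/protocol/http-auth}"  # XEP-0070 namespace

# Constructed sample stanzas (example.org names are placeholders).
WITH_ID = ("<message from='auth.example.org'><confirm "
           "xmlns='http://jabber.org/protocol/http-auth' id='a7374jnjlalasdf82' "
           "method='GET' url='https://files.example.org/missive.html'/></message>")
EMPTY_ID = WITH_ID.replace("id='a7374jnjlalasdf82'", "id=''")
NO_ID = WITH_ID.replace("id='a7374jnjlalasdf82' ", "")


def confirmation_prompt(stanza_xml):
    """Return (prompt_lines, warnings) for a stanza carrying <confirm/>.

    A real client would receive the element from its stream parser; parsing
    a string here only keeps the example self-contained.
    """
    stanza = ET.fromstring(stanza_xml)
    confirm = stanza.find(NS + "confirm")
    if confirm is None:
        raise ValueError("stanza carries no XEP-0070 <confirm/> element")

    # The attributes are obligatory: a missing one is a malformed request,
    # which is different from an attribute that is present but empty.
    missing = [a for a in ("id", "method", "url") if a not in confirm.attrib]
    if missing:
        raise ValueError("malformed <confirm/>: missing " + ", ".join(missing))

    tid = confirm.get("id")
    warnings = []
    if tid == "":
        # Valid but weak: the user has nothing to compare with the browser.
        warnings.append("This request has an empty transaction id, so it "
                        "cannot be matched to what your browser showed.")

    lines = [
        "Requested by: " + stanza.get("from", "(unknown sender)"),
        "Request: %s %s" % (confirm.get("method"), confirm.get("url")),
        # Quoted so that an empty or whitespace-only id is visible as such.
        'Transaction id: "%s"' % tid,
        "Check that this id matches the one shown in your browser.",
    ]
    return lines, warnings


if __name__ == "__main__":
    for sample in (WITH_ID, EMPTY_ID):
        prompt, warns = confirmation_prompt(sample)
        print("\n".join(warns + prompt), end="\n\n")
```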