openid-security  

Messages by Date

• 2023/08/22 [security] Notification of new OpenID Connect security testing tool Junki Yuasa
• 2021/02/13 [security] Question about validating access token with id token at_hash claim after access token has been refreshed Dickerson, Scott
• 2019/04/08 Re: [security] Security issue with ruby-openid library Chris
• 2019/03/02 Re: [security] Security issue with ruby-openid library Chris
• 2019/03/01 Re: [security] Security issue with ruby-openid library n-sakimura
• 2019/03/01 Re: [security] Security issue with ruby-openid library Chris
• 2019/02/28 Re: [security] Security issue with ruby-openid library Axel.Nennker
• 2019/02/26 [security] Security issue with ruby-openid library Chris
• 2014/12/25 Re: [security] Request splitting/SSRF in php-openid isciurus
• 2014/12/25 Re: [security] Request splitting/SSRF in php-openid Kurt Seifried
• 2014/12/25 [security] Request splitting/SSRF in php-openid isciurus
• 2014/03/17 Re: [security] [Openid-specs-ab] We have published a discovery doc & JWK endpoint Manger, James
• 2014/03/03 Re: [security] OIC self-issued mode is insecure Manger, James
• 2014/03/03 Re: [security] OIC self-issued mode is insecure Mike Jones
• 2014/03/03 Re: [security] OIC self-issued mode is insecure Manger, James
• 2014/03/03 Re: [security] OIC self-issued mode is insecure Mike Jones
• 2014/03/03 Re: [security] reporting security flaws John Bradley
• 2014/03/02 Re: [security] OIC self-issued mode is insecure Mike Jones
• 2014/03/02 Re: [security] OIC self-issued mode is insecure n-sakimura
• 2014/03/02 Re: [security] reporting security flaws Pamela Dingle
• 2014/03/02 [security] reporting security flaws Manger, James
• 2014/03/02 Re: [security] OIC self-issued mode is insecure Pamela Dingle
• 2014/02/27 Re: [security] OIC self-issued mode is insecure Manger, James
• 2014/02/26 Re: [security] OIC self-issued mode is insecure Manger, James
• 2014/02/26 Re: [security] OIC self-issued mode is insecure Nat Sakimura
• 2014/02/26 Re: [security] OIC self-issued mode is insecure Nat Sakimura
• 2014/02/25 Re: [security] OIC self-issued mode is insecure Manger, James
• 2014/02/25 Re: [security] OIC self-issued mode is insecure Mike Jones
• 2014/02/24 [security] OIC self-issued mode is insecure Manger, James
• 2014/01/28 [security] python-openid / XXE ? romanvinohradsky
• 2014/01/02 Re: [security] OpenID identity leaks Andris Atteka
• 2013/12/30 Re: [security] OpenID identity leaks Jacob Bellamy
• 2013/12/30 Re: [security] OpenID identity leaks John Bradley
• 2013/12/30 Re: [security] OpenID identity leaks Andrew Arnott
• 2013/12/30 Re: [security] OpenID identity leaks Jacob Bellamy
• 2013/12/30 Re: [security] OpenID identity leaks Andris Atteka
• 2013/12/25 Re: [security] OpenID identity leaks Johnny Bufu
• 2013/12/21 Re: [security] OpenID identity leaks Andris Atteka
• 2013/12/21 Re: [security] OpenID identity leaks Bart van Delft
• 2013/12/21 [security] OpenID identity leaks Andris Atteka
• 2013/11/23 [security] (no subject) Alvin Santiago
• 2012/10/26 Re: [security] Unsolicited assertion security vulnerability? John Bradley
• 2012/10/26 Re: [security] Unsolicited assertion security vulnerability? Andrew Arnott
• 2012/10/26 Re: [security] Unsolicited assertion security vulnerability? John Bradley
• 2012/10/26 [security] Unsolicited assertion security vulnerability? Andrew Arnott
• 2012/07/27 Re: [security] AX Security in python-openid John Bradley
• 2012/07/27 Re: [security] AX Security in python-openid Nat Sakimura
• 2012/07/26 [security] AX Security in python-openid Mike Sun
• 2012/07/05 [security] XSRF and unsolicited assertions Andrew Arnott
• 2011/05/06 Re: [security] Logout John Bradley
• 2011/05/06 Re: [security] Logout Jacob Bellamy
• 2011/05/05 Re: [security] Logout Nat Sakimura
• 2011/05/04 [security] Logout Sylvain Gilbert
• 2011/04/21 [security] Email addresses as primary identifiers, and unsolicited assertions Andrew Arnott
• 2011/03/30 Re: [security] SL comprimise James A. Donald
• 2011/03/30 Re: [security] SL comprimise SitG Admin
• 2011/03/30 Re: [security] SL comprimise James A. Donald
• 2011/03/30 Re: [security] SL comprimise Eddy Nigg (StartCom Ltd.)
• 2011/03/30 Re: [security] SL comprimise John Bradley
• 2011/03/30 Re: [security] SL comprimise Eddy Nigg (StartCom Ltd.)
• 2011/03/30 Re: [security] SL comprimise John Bradley
• 2011/03/30 Re: [security] SL comprimise Kurt Seifried
• 2011/03/26 Re: [security] SL comprimise John Bradley
• 2011/03/25 Re: [security] SL comprimise SitG Admin
• 2011/03/25 Re: [security] SL comprimise John Bradley
• 2011/03/25 Re: [security] SL comprimise John Bradley
• 2011/03/25 Re: [security] SL comprimise Kurt Seifried
• 2011/03/25 Re: [security] SL comprimise SitG Admin
• 2011/03/25 Re: [security] SL comprimise John Bradley
• 2011/03/25 Re: [security] SL comprimise John Bradley
• 2011/03/25 Re: [security] SL comprimise Ben Laurie
• 2011/03/24 Re: [security] SL comprimise John Bradley
• 2011/03/24 Re: [security] SL comprimise John Bradley
• 2011/03/24 Re: [security] SL comprimise Andrew Arnott
• 2011/03/24 Re: [security] SL comprimise John Bradley
• 2011/03/24 Re: [security] SL comprimise Mike Hanson
• 2011/03/24 Re: [security] SL comprimise Phillip Hallam-Baker
• 2011/03/24 Re: [security] SL comprimise Mike Hanson
• 2011/03/24 [security] SL comprimise John Bradley
• 2010/12/02 [security] Женская логика Vovan
• 2010/12/02 [security] Пикап Vovan
• 2010/12/02 [security] Пикап Vovan
• 2010/12/02 [security] Пикап Vovan
• 2010/12/02 [security] Пикап Vovan
• 2010/09/17 [security] PAPE max_auth_age vs. policies Vlastimil Zíma
• 2010/07/17 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Phillip Hallam-Baker
• 2010/07/17 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/17 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations James A. Donald
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Andrew Arnott
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations James A. Donald
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Andrew Arnott
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Pádraic Brady
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Bob Wyman
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Pádraic Brady
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Phillip Hallam-Baker
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Breno de Medeiros
• 2010/07/16 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Pádraic Brady
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Andrew Arnott
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Phillip Hallam-Baker
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Phillip Hallam-Baker
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/15 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations James A. Donald
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations James A. Donald
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Breno de Medeiros
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations John Bradley
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Breno de Medeiros
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations John Bradley
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Pádraic Brady
• 2010/07/14 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Eric Norman
• 2010/07/13 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/13 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations John Bradley
• 2010/07/13 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations Nate Lawson
• 2010/07/13 Re: [security] Widespread Timing Vulnerabilities in OpenID implementations John Bradley
• 2010/07/13 [security] Widespread Timing Vulnerabilities in OpenID implementations Taylor Nelson
• 2010/04/30 [security] Consumer refuses to associate with provider Benedikt Schröfel
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Jacob Bellamy
• 2010/03/23 Re: [security] Must to have for an Open ID Provider John Bradley
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Jacob Bellamy
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Andrew Arnott
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Jacob Bellamy
• 2010/03/23 Re: [security] Must to have for an Open ID Provider David Recordon
• 2010/03/23 Re: [security] Must to have for an Open ID Provider John Bradley
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Andrew Arnott
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Bart van Delft
• 2010/03/23 Re: [security] Must to have for an Open ID Provider Breno de Medeiros
• 2010/03/23 [security] Must to have for an Open ID Provider Jaideep Khandelwal
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Nat Sakimura
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers SitG Admin
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Brandon Ramirez
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Jacob Bellamy
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Thomas Hardjono
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers John Bradley
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers SitG Admin
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers SitG Admin
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Santosh Rajan
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Thomas Hardjono
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Ben Laurie
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Andrew Arnott
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers John Bradley
• 2009/12/10 Re: [security] Nonrepudiation, and Trusting OpenID Providers Ben Laurie
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Breno de Medeiros
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Allen Tom
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Brandon Ramirez
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers John Bradley
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers John Bradley
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Shearer, Charles Dylan
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Shearer, Charles Dylan
• 2009/12/09 Re: [security] HTTP vs HTTPS based OpenIDs Jacob Bellamy
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers =JeffH
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Ben Laurie
• 2009/12/09 Re: [security] Nonrepudiation, and Trusting OpenID Providers Nash, Andrew
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Jonathan Coffman
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs SitG Admin
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Trevor Johns
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Jacob Bellamy
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Johannes Ernst
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Trevor Johns
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Breno de Medeiros
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Jacob Bellamy
• 2009/12/08 Re: [security] HTTP vs HTTPS based OpenIDs Andrew Arnott
• 2009/12/08 [security] HTTP vs HTTPS based OpenIDs Jacob Bellamy
• 2009/12/08 Re: [security] Nonrepudiation, and Trusting OpenID Providers John Bradley
• 2009/12/07 Re: [security] Nonrepudiation, and Trusting OpenID Providers Shearer, Charles Dylan
• 2009/12/07 Re: [security] Nonrepudiation, and Trusting OpenID Providers SitG Admin
• 2009/12/07 Re: [security] Nonrepudiation, and Trusting OpenID Providers David Recordon
• 2009/12/07 [security] Nonrepudiation, and Trusting OpenID Providers Shearer, Charles Dylan
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Chris Messina
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Andrew Arnott
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Breno de Medeiros
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Andrew Arnott
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Andrew Arnott
• 2009/11/16 Re: [security] Danger of Content-Location HTTP response header Breno de Medeiros
• 2009/11/14 Re: [security] Danger of Content-Location HTTP response header Andrew Arnott
• 2009/11/14 Re: [security] Danger of Content-Location HTTP response header John Bradley
• 2009/11/14 Re: [security] Danger of Content-Location HTTP response header Allen Tom
• 2009/11/04 [security] Danger of Content-Location HTTP response header Andrew Arnott
• 2009/11/02 Re: [security] Login CSRF in OpenID Authentication Adam Barth
• 2009/10/19 Re: [security] passing password on identification request? Allen Tom
• 2009/10/19 Re: [security] passing password on identification request? SitG Admin
• 2009/10/19 Re: [security] passing password on identification request? John Bradley
• 2009/10/19 Re: [security] passing password on identification request? John Bradley
• 2009/10/19 Re: [security] passing password on identification request? Anthony Brassac
• 2009/10/19 Re: [security] passing password on identification request? John Bradley
• 2009/10/19 Re: [security] passing password on identification request? SitG Admin
• 2009/10/19 Re: [security] passing password on identification request? Anthony Brassac
• 2009/10/15 Re: [security] passing password on identification request? John Bradley
• 2009/10/13 Re: [security] passing password on identification request? SitG Admin
• 2009/10/13 Re: [security] passing password on identification request? John Bradley
• 2009/10/13 [security] passing password on identification request? Anthony Brassac