> Longer term it would be nice for "allowed_issuers" to be supported in > the verifier. There are lots of opportunities for mistakes here. We're > asking reliers to use a more general purpose verifier for a specific > use case, and relying on them to do the right security checks. Recipe > for problems.
I believe that's the purpose of the "trustedIssuers" config option: https://github.com/mozilla/browserid-local-verify#verification-specific Francois _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
