Category Archives: Security
DNS poisoning + (Debian’s) weak HTTPS certificates
A recent security news bulletin revealed that Debian and derivative Linux operating systems have been generating extremely weak HTTPS certificates for years. As a result, OpenID relying party web sites may be vulnerable to a brute force HTTPS certificate plus … Continue reading
Posted in DotNetOpenAuth, Security
Comments Off
Security Features
Regular security features Full implementation of OpenID’s discovery, verification, and rediscovery requirements. HTTPS certificates are validated against CRL (certificate revocation list). XRI resolution using 100% HTTPS. XRIs resolve to CanonicalID (i-number) claimed identifiers. Replay protection when working with OpenID 1.x … Continue reading
