tag:blogger.com,1999:blog-6894552.post7656771900751107983..comments2011-09-04T08:58:54.518-07:00Andrew Arnotthttps://profiles.google.com/114635397638720587251noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-6894552.post-81257901421878386742011-09-04T08:58:54.518-07:002011-09-04T08:58:54.518-07:00

Step 7 mentions that the RP must be vulnerable to this attack. As you say, the RP shouldn&#39;t be vulnerable, but it *may* be.<br /><br />Step 3 is always possible, as the browser (and thus the attacker) can see the association handle after the RP and OP establish it by their privat echannel, because during the checkid_setup redirect one of the user-visible parameters is the association handle.

Andrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.comtag:blogger.com,1999:blog-6894552.post-11086531702312107652011-09-04T01:24:43.632-07:002011-09-04T01:24:43.632-07:00

Step 7 is not possible? I&#39;d guess the RP stores associations per OP, so an OP cannot overwrite any other OP&#39;s associations<br /><br />I don&#39;t know how step 3 would be possible. The Web browser will never be able to read the handle established between RP and GoodOP, isn&#39;t the association created in a HTTP connection directly between the RP and GoodOP.<br /><br />Even if the Hacker

Kaj Magnushttp://www.blogger.com/profile/18054221902017877054noreply@blogger.com