Labs/Identity/VerifiedEmailProtocol: Difference between revisions

Jump to navigation Jump to search

Labs/Identity/VerifiedEmailProtocol (view source)

Revision as of 23:47, 9 May 2011

126 bytes added ,  9 May 2011
m
→‎Verification Services
Line 190: Line 190:


The verification step would be quite straightforward: the relying party would simply POST an assertion to a verifier over SSL along with their expected audience string, the verifier would verify the assertion as in 4.2, and return a result code. The audience test is necessary, as it prevents replay attacks using assertions captured at other sites.
The verification step would be quite straightforward: the relying party would simply POST an assertion to a verifier over SSL along with their expected audience string, the verifier would verify the assertion as in 4.2, and return a result code. The audience test is necessary, as it prevents replay attacks using assertions captured at other sites.
<font color=green>This requires that the server enforce that audience matches the reverse DNS of the requesting site?</font>


== Certification ==
== Certification ==
Jrconlin
Confirmed users
1,022

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/306704"

Navigation menu