Re: Looking for OAuth experts

From: Nate Vack <njvack_at_nyob>
Date: Mon, 20 Sep 2010 17:02:19 -0500
To: CODE4LIB_at_LISTSERV.ND.EDU

On Mon, Sep 20, 2010 at 4:21 PM, MJ Ray <mjr_at_phonecoop.coop> wrote:

> I think FOSS servers would be affected by the published-key spoofing
> flaw too, wouldn't they?

They would, but it should be easy(-ish) for each server admin to get
their own key, which it can then (hopefully!) keep secret. The real
problem is getting end-users to generate, enter, and register a
consumer key.

Really really, though, just treat the consumer key as a user-agent
string. Don't take it seriously. You are free to not make the same
mistakes as Twitter; your needs are different.

Cheers,
-Nate
Received on Mon Sep 20 2010 - 18:03:12 EDT