On Mon, Sep 20, 2010 at 4:21 PM, MJ Ray wrote:
> I think FOSS servers would be affected by the published-key spoofing
> flaw too, wouldn't they?

They would, but it should be easy(-ish) for each server admin to get their own key, which it can then (hopefully!) keep secret. The real problem is getting end-users to generate, enter, and register a consumer key.

Really really, though, just treat the consumer key as a user-agent string. Don't take it seriously. You are free to not make the same mistakes as Twitter; your needs are different.

Cheers,
-Nate
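
Added example, not part of the original message: a simplified OAuth 1.0 style HMAC-SHA1 check on the server side, showing why a consumer key that ships in public source can only serve as a label while authorization rests on the user's token. The keys, secrets, names and base string are constructed, `handle` and `build` are hypothetical helpers, and the base string skips real OAuth parameter normalization.

```python
import hashlib
import hmac

# Constructed sample data: a consumer key/secret shipped in an open-source
# client's public source tree, and one user's access token.
CONSUMERS = {"foss-client-key": ("published-secret", "ExampleFOSSClient")}
TOKENS = {"tok-alice": ("alice-token-secret", "alice")}

def sign(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret' (OAuth 1.0 style)."""
    key = f"{consumer_secret}&{token_secret}".encode()
    return hmac.new(key, base_string.encode(), hashlib.sha1).hexdigest()

def build(base, consumer_key, consumer_secret, token, token_secret):
    """Assemble a signed request as a client would (hypothetical helper)."""
    return {"base": base, "consumer_key": consumer_key, "token": token,
            "signature": sign(base, consumer_secret, token_secret)}

def handle(request):
    """Return (user, client_label) if the signature verifies, else None.

    user comes from the token and is what authorization decisions use;
    client_label comes from the consumer key and is only a logging hint,
    on a par with a User-Agent header.
    """
    consumer = CONSUMERS.get(request["consumer_key"])
    token = TOKENS.get(request["token"])
    if consumer is None or token is None:
        return None
    expected = sign(request["base"], consumer[0], token[0])
    if not hmac.compare_digest(expected, request["signature"]):
        return None
    return token[1], consumer[1]

BASE = "POST&/api/notes&text=hello"  # simplified, constructed base string
# The packaged client and any other program built with the same published
# key and secret send byte-identical requests once the user holds a token,
# so the server cannot tell them apart.
genuine = build(BASE, "foss-client-key", "published-secret",
                "tok-alice", "alice-token-secret")
other_program = build(BASE, "foss-client-key", "published-secret",
                      "tok-alice", "alice-token-secret")
# Without the user's token secret the request fails, whatever the consumer key.
no_token_secret = build(BASE, "foss-client-key", "published-secret",
                        "tok-alice", "guess")

if __name__ == "__main__":
    print(handle(genuine), handle(other_program), handle(no_token_secret))
```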