Raising minimum OpenID version requirement for Providers to 2.0 to
protect this stateless RP from replay attacks
You can make the warning disappear by raising the minimum OpenID version requirement for Providers to 2.0 yourself in your configuration file[semi-dead link].
<dotNetOpenAuth> <openid> <relyingParty> <security minimumRequiredOpenIdVersion="V20" /> </relyingParty> </openid> </dotNetOpenAuth>
The effect is the same on your RP, but since you're doing it yourself, DotNetOpenAuth won't warn you that it is doing it for you.