[OpenID] My 2 Cents to the OpenID foundation
Martin Atkins
mart at degeneration.co.uk
Thu Apr 2 19:08:56 UTC 2009
santrajan wrote:
> myspace signatures are SHA512 not in Openid specs. The dont support SHA1 and
> SHA256.
>
Ahh. This explains the interop problems with various sites I tried.
I guess they're getting this support from DotNetOpenId, which supports
additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and
DH-SHA512.
It'd be good if MySpace could at least also enable SHA256 for interop
with compliant OpenID 2.0 implementations. (Though I'm aware of at least
a few implementations that currently only support SHA-1, but that's
certainly a problem since SHA-1 has been broken.)
More information about the general
mailing list