[OpenID] My 2 Cents to the OpenID foundation
santrajan
santrajan at gmail.com
Thu Apr 2 19:16:04 UTC 2009
But I think there is more to it than just that. Because i was not able to
verify their SHA512 signature though their response mentions clearly it is
SHA512.
Martin Atkins-2 wrote:
>
> santrajan wrote:
>> myspace signatures are SHA512 not in Openid specs. The dont support SHA1
>> and
>> SHA256.
>>
>
> Ahh. This explains the interop problems with various sites I tried.
>
> I guess they're getting this support from DotNetOpenId, which supports
> additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and
> DH-SHA512.
>
> It'd be good if MySpace could at least also enable SHA256 for interop
> with compliant OpenID 2.0 implementations. (Though I'm aware of at least
> a few implementations that currently only support SHA-1, but that's
> certainly a problem since SHA-1 has been broken.)
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
--
View this message in context: http://www.nabble.com/My-2-Cents-to-the-OpenID-foundation-tp22841100p22855128.html
Sent from the OpenID - General mailing list archive at Nabble.com.
More information about the general
mailing list