[OpenID] My 2 Cents to the OpenID foundation
John Bradley
john.bradley at wingaa.com
Fri Apr 3 03:09:26 UTC 2009
Martin,
Myspace supports HMAC-SHA256 and DH-SHA256 for openID 2.0 in my testing.
If they have a openID 2.0 interop issue please let me know and I will
attempt to capture it in an OSIS interop test. However I am not
seeing a problem with there associations, or anything else on a quick
look.
Regards
John Bradley
Prepared outgoing AssociateDiffieHellmanRequest (2.0) message for http://api.myspace.com/openid
:
openid.dh_modulus:
ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX
+YkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi/
368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI+XUkKJX8Fvf8W8vsixYOr
openid.dh_gen: Ag==
openid.dh_consumer_public: TNFXwmU9QTifKkmklQzq/ubOjdCjL5sHvm0SBy
+EbzM1ACH6leuq/MU8EGLNFHIRGW+pgzD8QNOrdymx7bYfUNoCgvhZUmzgZx
+Cxf3n9ZMepUEFVvwFFkj0Irv63JBYzy9TrGhMJoXHp09NEdMJ5RO0oPSJPLZZySq/
FWNF5Qg=
openid.assoc_type: HMAC-SHA256
openid.session_type: DH-SHA256
openid.mode: associate
openid.ns: http://specs.openid.net/auth/2.0
Processing incoming AssociateDiffieHellmanResponse (2.0) message:
dh_server_public: AKFvVHZ4LpjD+EkqDiJps36/
gWUI5N4WYBLg23TM0vIBdsaWgrq4s5BMmBO5Z7C+PygwSOmuzQNsn
+
fGd68a2sUuxQj9iIOls1ofnlCsXIzGQr8gt4aW0ZDjZs8hcypA9d3xetINIsTxQYi6GC8wJ0fvVzu5so0TtlaITqCKQ6pI
enc_mac_key: hSkCJoXCmmQnnUTe0T2yGGerEmv/LbJ54dEymarLj4A=
assoc_handle: {{HMAC-SHA256}{1238725530.30107}{XCfj0g==}
assoc_type: HMAC-SHA256
session_type: DH-SHA256
expires_in: 1209599
ns: http://specs.openid.net/auth/2.0
On 2-Apr-09, at 4:23 PM, general-request at openid.net wrote:
> Date: Thu, 02 Apr 2009 12:08:56 -0700
> From: Martin Atkins <mart at degeneration.co.uk>
> Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
> To: general at openid.net
> Message-ID: <49D50D48.8030709 at degeneration.co.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> santrajan wrote:
>> myspace signatures are SHA512 not in Openid specs. The dont support
>> SHA1 and
>> SHA256.
>>
>
> Ahh. This explains the interop problems with various sites I tried.
>
> I guess they're getting this support from DotNetOpenId, which supports
> additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and
> DH-SHA512.
>
> It'd be good if MySpace could at least also enable SHA256 for interop
> with compliant OpenID 2.0 implementations. (Though I'm aware of at
> least
> a few implementations that currently only support SHA-1, but that's
> certainly a problem since SHA-1 has been broken.)
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090402/78d947fb/attachment-0002.bin>
More information about the general
mailing list