[OpenID] My 2 Cents to the OpenID foundation

Peter Williams pwilliams at rapattoni.com
Fri Apr 3 03:31:17 UTC 2009


So what is the community position on OPs who implement non-standard features (e.g. ciphersuites) and require RPs to use them when interworking with that OP?

All parties in OpenID are peers and any one of them would, could, and should set politics that will impact its peers. But my assumption was that the peers would mandate features within the standard interworking set.


> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of John Bradley
> Sent: Thursday, April 02, 2009 8:09 PM
> To: general at openid.net
> Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
>
> Martin,
>
> Myspace supports HMAC-SHA256 and DH-SHA256 for openID 2.0 in my
> testing.
>
> If they have an OpenID 2.0 interop issue please let me know and I will
> attempt to capture it in an OSIS interop test.   However I am not
> seeing a problem with their associations, or anything else on a quick
> look.
>
> Regards
> John Bradley
>
> Prepared outgoing AssociateDiffieHellmanRequest (2.0) message for
> http://api.myspace.com/openid
> :
>         openid.dh_modulus:
> ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX
> +YkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi/
> 368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI+XUkKJX8Fvf8W8vsixYOr
>         openid.dh_gen: Ag==
>         openid.dh_consumer_public:
> TNFXwmU9QTifKkmklQzq/ubOjdCjL5sHvm0SBy
> +EbzM1ACH6leuq/MU8EGLNFHIRGW+pgzD8QNOrdymx7bYfUNoCgvhZUmzgZx
> +Cxf3n9ZMepUEFVvwFFkj0Irv63JBYzy9TrGhMJoXHp09NEdMJ5RO0oPSJPLZZySq/
> FWNF5Qg=
>         openid.assoc_type: HMAC-SHA256
>         openid.session_type: DH-SHA256
>         openid.mode: associate
>         openid.ns: http://specs.openid.net/auth/2.0
>
> Processing incoming AssociateDiffieHellmanResponse (2.0) message:
>         dh_server_public: AKFvVHZ4LpjD+EkqDiJps36/
> gWUI5N4WYBLg23TM0vIBdsaWgrq4s5BMmBO5Z7C+PygwSOmuzQNsn
> +
> fGd68a2sUuxQj9iIOls1ofnlCsXIzGQr8gt4aW0ZDjZs8hcypA9d3xetINIsTxQYi6GC8wJ
> 0fvVzu5so0TtlaITqCKQ6pI
>         enc_mac_key: hSkCJoXCmmQnnUTe0T2yGGerEmv/LbJ54dEymarLj4A=
>         assoc_handle: {{HMAC-SHA256}{1238725530.30107}{XCfj0g==}
>         assoc_type: HMAC-SHA256
>         session_type: DH-SHA256
>         expires_in: 1209599
>         ns: http://specs.openid.net/auth/2.0
>
> On 2-Apr-09, at 4:23 PM, general-request at openid.net wrote:
>
> > Date: Thu, 02 Apr 2009 12:08:56 -0700
> > From: Martin Atkins <mart at degeneration.co.uk>
> > Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
> > To: general at openid.net
> > Message-ID: <49D50D48.8030709 at degeneration.co.uk>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > santrajan wrote:
> >> myspace signatures are SHA512 not in Openid specs. They don't support
> >> SHA1 and
> >> SHA256.
> >>
> >
> > Ahh. This explains the interop problems with various sites I tried.
> >
> > I guess they're getting this support from DotNetOpenId, which supports
> > additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and
> > DH-SHA512.
> >
> > It'd be good if MySpace could at least also enable SHA256 for interop
> > with compliant OpenID 2.0 implementations. (Though I'm aware of at
> > least a few implementations that currently only support SHA-1, but
> > that's certainly a problem since SHA-1 has been broken.)
> >
> >
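
An RP-side check for the interop question raised in this thread, added here as an example (not code from any poster or from DotNetOpenId): it parses an associate response in key-value form and accepts only the association and session types that OpenID Authentication 2.0 defines, so an HMAC-SHA512 association is refused rather than silently used. The verdict names, function names and sample responses are assumptions constructed for illustration.

```python
import base64

# Types defined by OpenID Authentication 2.0, with hash/MAC-key length in bytes.
SPEC_ASSOC = {"HMAC-SHA1": 20, "HMAC-SHA256": 32}
SPEC_SESSION = {"DH-SHA1": 20, "DH-SHA256": 32, "no-encryption": None}  # None: TLS only

def parse_kv(body):
    """Parse a direct response in key-value form (one key:value per line)."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed key-value line: %r" % line)
        fields[key] = value
    return fields

def check_association(body, want_assoc, want_session):
    """Return (verdict, reasons) under a hypothetical spec-only RP policy."""
    f = parse_kv(body)
    assoc, session = f.get("assoc_type"), f.get("session_type")
    in_spec = assoc in SPEC_ASSOC and session in SPEC_SESSION
    if f.get("error_code") == "unsupported-type":
        # The OP refused the requested types and may name ones it accepts.
        if in_spec:
            return "retry", ["OP offers %s/%s" % (assoc, session)]
        return "reject", ["OP offers no OpenID 2.0 type: %s/%s" % (assoc, session)]
    if not in_spec:
        return "reject", ["%s/%s is outside OpenID 2.0" % (assoc, session)]
    reasons = []
    if (assoc, session) != (want_assoc, want_session):
        reasons.append("response types differ from the request")
    if SPEC_SESSION[session] not in (None, SPEC_ASSOC[assoc]):
        reasons.append("session hash length does not match MAC key length")
    field = "mac_key" if session == "no-encryption" else "enc_mac_key"
    try:
        key = base64.b64decode(f.get(field, ""), validate=True)
    except ValueError:
        key = b""
    if len(key) != SPEC_ASSOC[assoc]:
        reasons.append("%s must decode to %d bytes" % (field, SPEC_ASSOC[assoc]))
    if reasons:
        return "reject", reasons
    return ("accept-weak" if assoc == "HMAC-SHA1" else "accept"), []

# Constructed sample responses (not captured traffic).
KEY32 = base64.b64encode(bytes(range(32))).decode()
BASE = "ns:http://specs.openid.net/auth/2.0\nassoc_handle:h1\nexpires_in:1209599\n"
GOOD = BASE + "assoc_type:HMAC-SHA256\nsession_type:DH-SHA256\ndh_server_public:AQ==\nenc_mac_key:%s\n" % KEY32
EXT = GOOD.replace("SHA256", "SHA512")
UNSUPPORTED = "ns:http://specs.openid.net/auth/2.0\nerror:unsupported\nerror_code:unsupported-type\nassoc_type:HMAC-SHA256\nsession_type:DH-SHA256\n"
```

The `accept-weak` verdict marks HMAC-SHA1 associations, reflecting the concern about SHA-1-only implementations voiced in the quoted message.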



