[OpenID] My 2 Cents to the OpenID foundation
john.bradley at wingaa.com
Fri Apr 3 07:01:31 UTC 2009
The message signature and transport encryption protect against
The concern is that given enough time and resources an attacker could
recover a session-key given the well documented weaknesses in SHA1.
Even with the known weakness this would be incredibly difficult if the
keys are rotated regularly. SSL can't protect against this.
Without SSL protecting the discovery step I would opt for the much
easier DNS poisoning attack against a RP to hijack the session key.
On the other hand given the vetting practices of some CAs it is not
impossible to imagine that a cert could not be acquired for almost any
So SSL is better than no ssl, SHA256 is better than SHA1, Checking
the returned assertion against the discovered information is better
Defense in depth is better than no defense. Nothing is perfect but
you need to consider the security and cost of the whole system vs the
value of what you are protecting.
On 2-Apr-09, at 11:20 PM, general-request at openid.net wrote:
> Message: 6
> Date: Thu, 2 Apr 2009 23:10:19 -0700 (PDT)
> From: santrajan <santrajan at gmail.com>
> Subject: Re: [OpenID] My 2 Cents to the OpenID foundation
> To: general at openid.net
> Message-ID: <22862548.post at talk.nabble.com>
> Content-Type: text/plain; charset=us-ascii
> I am surprised that a large OP like myspace has chosen not to use
> layer security at their endpoint. SHA1 would have a been a lesser
> risk if
> they had chosen to do so.
> John Bradley-7 wrote:
>> Yahoo and I have an ongoing disagreement over the requirement for
>> openID 2.0 OPs to support HMAC-SHA256, they believe that HMAC-SHA1
>> sufficient. I think that if an RP ask for a SHA256 association they
>> should support it. (Allen feel free to defend yourself:)
>> I think it would be a good idea for myspace to support both but they
>> are not required to. They may have a valid security reason not to
>> allow fallback to HMAC-SHA1.
>> I could buy that argument more easily than forcing an RP to a smaller
>> So my take on it for what it is worth, is that openID 2.0 RPs must
>> support HMAC-SHA256 and HMAC-SHA1 if they want to interoperate with
>> all OPs.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the general