[OpenID] My 2 Cents to the OpenID foundation
Allen Tom
atom at yahoo-inc.com
Mon Apr 6 22:40:32 UTC 2009
John Bradley wrote:
>
> Yahoo and I have an ongoing disagreement over the requirement for
> openID 2.0 OPs to support HMAC-SHA256, they believe that HMAC-SHA1 is
> sufficient. I think that if an RP ask for a SHA256 association they
> should support it. (Allen feel free to defend yourself:)
Hi John,
I don't think any RP has asked us to support HMAC-SHA256, so we haven't
gotten around to implementing it yet. As far as I can tell, Section 6.2
of the OpenID 2.0 spec does not require OPs to support HMAC-SHA256.
Thanks
Allen
More information about the general
mailing list