Specifying identifier recycling
Claus Färber
GMANE at faerber.muc.de
Sat Jun 2 19:50:29 UTC 2007
Nat Sakimura schrieb:
> 1) Storing many users' private key on the server in decryptable format is
> not very safe.
>
> In your proposal, it looks like that OP is going to hold the private key for
> each user in decryptable format. Considering that most large scale privacy
> leakage happens at the server side, I have got a feeling that such thing
> like private key in a shared location.
If you can't trust your OP to keep your secrets secret, there's nothing
you can do about that. Of course, you would not use a key that's valid
as a key for anything else than OpenID.
It's also possible that the OP does not know the private key by using
two key pairs:
. pers_secret, pers_public (the identity)
. temp_secret, temp_public
The OpenID Povider only has the following:
. pers_public
. temp_secret, temp_public
. cert = sign(temp_public, with_key=pers_secret)
The _real_ private key, pers_secret, is kept by the user. If the server
is compromised (or becomes rouge, trying to steal the identity), the
user can still take his identity elsewhere by signing the tmp2_public
key of another server.
Claus
More information about the specs
mailing list