[OpenID] general Digest, Vol 31, Issue 32
John Bradley
john.bradley at wingaa.com
Wed Mar 18 01:34:35 UTC 2009
Supporting DH encrypted key exchange is part of the existing 2.0 spec.
Yahoo and others argue that since they only support associations over
SSL the DH encryption is redundant.
In recognition of that I modified the OSIS tests slightly so that the
test is that the OP rejects No-Encryption Association sessions over
http sessions.
https://test-id.org/OP/AssociateHttpNoEncryption.aspx
Supporting DH is still a requirement of the spec but it is more
important to focus on stopping associations from happening in the
clear.
I don't believe Yahoo's position is unreasonable on this.
John Bradley
> Date: Tue, 17 Mar 2009 13:00:36 -0700
> From: Martin Atkins <mart at degeneration.co.uk>
> Subject: Re: [OpenID] Backwards Compatibility
> To: general at openid.net
> Message-ID: <49C00164.5070709 at degeneration.co.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Allen Tom wrote:
>>
>> If anything, I'd like to see things removed from 2.0, such as the DH key
>> exchange.
>>
>
> Why would the key exchange be removed? What would it be replaced with?
>
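
The check that the modified OSIS test above exercises, as an added example (not part of the original message, and not code from OSIS or from any OP). The function name `reject_associate`, the `over_tls` flag and the sample request are assumptions made for illustration; the parameter names, the Key-Value Form reply and the `unsupported-type` error code are those of OpenID Authentication 2.0.

```python
from urllib.parse import parse_qs

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# DH session types and the association (MAC) type each one can carry.
DH_SESSIONS = {"DH-SHA1": "HMAC-SHA1", "DH-SHA256": "HMAC-SHA256"}

# Constructed sample: an associate request asking for a cleartext MAC key.
SAMPLE_NO_ENCRYPTION = (
    "openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.mode=associate"
    "&openid.assoc_type=HMAC-SHA256"
    "&openid.session_type=no-encryption"
)


def kv_form(fields):
    """Encode a direct response in Key-Value Form: one 'key:value' line per field."""
    return "".join(f"{key}:{value}\n" for key, value in fields.items())


def reject_associate(body, over_tls):
    """Return (http_status, kv_body) if the request must be refused, else None."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if params.get("openid.mode") != "associate":
        return None  # not an association request; nothing to decide here
    # OpenID 1.1 requests ask for a cleartext key with a blank or absent session_type.
    session = params.get("openid.session_type") or "no-encryption"
    assoc = params.get("openid.assoc_type", "")
    if session == "no-encryption" and not over_tls:
        reason = "no-encryption association sessions are only accepted over HTTPS"
    elif session == "no-encryption" and assoc in DH_SESSIONS.values():
        return None  # TLS already protects the MAC key in transit
    elif DH_SESSIONS.get(session) == assoc:
        return None  # DH-encrypted key; acceptable on either transport
    else:
        reason = "unsupported session_type/assoc_type combination"
    # Direct error response: HTTP 400, naming a session type the OP will accept.
    return 400, kv_form({
        "ns": OPENID2_NS,
        "error": reason,
        "error_code": "unsupported-type",
        "session_type": "DH-SHA256",
        "assoc_type": "HMAC-SHA256",
    })


if __name__ == "__main__":
    print(reject_associate(SAMPLE_NO_ENCRYPTION, over_tls=False))
```

An OP would set `over_tls` from the transport the request actually arrived on, for example a trusted TLS-terminating proxy's header, not from anything in the request body.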