[OpenID] D-H vs SSL
Johannes Ernst
jernst+openid.net at netmesh.us
Wed Mar 18 23:35:26 UTC 2009
> Yahoo and others argue that since they only support associations
> over SSL the DH encryption is redundant.
It may be in some scenarios, it is not in others.
For example, in a corporate behind-the-firewall deployment it may be
unreasonably complicated to set up SSL for a departmental server.
I would hate it if we had to tell those guys that they then have to
send around their secrets in clear text.
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090318/5f9f00c8/attachment-0004.gif>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090318/5f9f00c8/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list