[OpenID] D-H vs SSL
Peter Williams
pwilliams at rapattoni.com
Thu Mar 19 09:30:58 UTC 2009
I'm not hearing folks say that they want the OpenID peers to access the master secret of SSL. I suspect they are just going to run the OpenID auth messages straight over the SSL-protected TCP connection, which obviously brings peer entity authentication and then data origin authentication to the redirect or post bindings.
If we could just generalize association types, the type could imply an SSL ciphersuite (e.g. DH). As the type value is received/handled by each OpenID stack entity, it can confirm that the SSL socket has negotiated the ciphersuite to suit the type specifier.
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Hans Granqvist
> Sent: Wednesday, March 18, 2009 10:57 PM
> To: Martin Atkins
> Cc: OpenID List
> Subject: Re: [OpenID] D-H vs SSL
>
> > ... DH over SSL is not something we can
> > completely remove in the next revision despite it being redundant.
>
> But it's not redundant, is it?
>
> TLS is transport layer security and the negotiated secrets (e.g., D-H
> keys) are only to be used *inside* the transport layer.
>
> The OpenID Diffie-Hellman key agreement is exactly the opposite: a
> secret to be used *outside* the transport layer.
>
> To make these secrets visible or to introduce dependencies across layer
> boundaries quickly complicates protocol security risk assessment analysis.
>
>
> Hans
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
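The check Peter sketches above, where an association type implies a required TLS ciphersuite and each OpenID endpoint confirms the connected socket actually negotiated it, as an added example that is not code from the thread or from any OpenID library. The policy table mapping types to key-exchange families is a constructed assumption for illustration; the session type names `no-encryption` and `DH-SHA256` are OpenID 2.0 names, but nothing in the spec ties them to TLS ciphersuites. Ciphersuite names follow OpenSSL conventions as returned by `ssl.SSLSocket.cipher()`.

```python
import ssl

# Constructed policy (assumption, not part of OpenID): which TLS key-exchange
# families an association/session type would demand from the underlying socket.
# An empty set means any negotiated suite is acceptable for that type.
POLICY = {
    "no-encryption": set(),
    "DH-SHA256": {"DHE", "ECDHE"},   # require an authenticated ephemeral (EC)DH exchange
}

# TLS 1.3 suite names carry no key-exchange prefix; the protocol itself
# always performs an ephemeral (EC)DH exchange.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}


def key_exchange(cipher_name, protocol):
    """Return the key-exchange family of an OpenSSL-style ciphersuite name.

    Anonymous suites (ADH/AECDH) are reported as their own family so a policy
    requiring DHE/ECDHE does not accidentally accept an unauthenticated peer.
    """
    if protocol == "TLSv1.3" or cipher_name in TLS13_SUITES:
        return "ECDHE"
    head = cipher_name.split("-")[0]
    if head in ("ECDHE", "DHE", "ECDH", "DH", "PSK", "SRP", "ADH", "AECDH"):
        return head
    if head.startswith("EDH"):          # legacy spelling of DHE, e.g. EDH-RSA-DES-CBC3-SHA
        return "DHE"
    return "RSA"                        # no prefix: static RSA key transport


def ciphersuite_satisfies(assoc_type, cipher_name, protocol):
    """True if the negotiated suite meets the requirement implied by assoc_type."""
    if assoc_type not in POLICY:
        raise ValueError(f"unknown association type {assoc_type!r}")
    required = POLICY[assoc_type]
    if not required:
        return True
    return key_exchange(cipher_name, protocol) in required


def check_socket(assoc_type, sock):
    """Confirm that a connected ssl.SSLSocket negotiated a suite matching assoc_type.

    Call this right after the handshake, before exchanging any OpenID messages,
    so a mismatch fails closed instead of being discovered mid-protocol.
    """
    name, protocol, _bits = sock.cipher()
    if not ciphersuite_satisfies(assoc_type, name, protocol):
        raise ssl.SSLError(
            f"association type {assoc_type!r} requires {sorted(POLICY[assoc_type])} "
            f"key exchange, but the socket negotiated {name} ({protocol})"
        )
    return name


if __name__ == "__main__":
    # Constructed sample negotiations, as cipher() would report them.
    samples = [
        ("DH-SHA256", "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
        ("DH-SHA256", "AES256-SHA", "TLSv1.2"),
        ("DH-SHA256", "ADH-AES128-SHA", "TLSv1.2"),
        ("DH-SHA256", "TLS_AES_256_GCM_SHA384", "TLSv1.3"),
        ("no-encryption", "AES256-SHA", "TLSv1.2"),
    ]
    for assoc_type, name, protocol in samples:
        ok = ciphersuite_satisfies(assoc_type, name, protocol)
        print(f"{assoc_type:14} {name:30} {protocol}: {'ok' if ok else 'REJECT'}")
```

The check is deliberately on the key-exchange family rather than on the whole suite name, because the property the association type cares about (an authenticated ephemeral exchange) is independent of the bulk cipher. Note that this only confirms the transport's properties; it does not, and should not, expose the TLS master secret to the OpenID layer, which is the cross-layer dependency Hans warns about.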