[OpenID] D-H vs SSL
Ben Laurie
benl at google.com
Thu Mar 19 14:19:28 UTC 2009
On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <andrewarnott at gmail.com> wrote:
> Maybe it's just me, but I don't like the terminology we're using. DH and
> SSL are only redundant when used together.
I don't understand why. As I said, DH over SSL gives you a shared
secret, which SSL alone does not. Of course there are cheaper ways to
arrive at a shared secret over SSL, but that's not the point.
> Otherwise they're complementary.
> If SSL cannot be used, for whatever reason, DH is mandatory.
But it does not protect against MitM, and so is not equivalent. Which is
not what "complementary" means to me.
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
>
> 2009/3/19 Ben Laurie <benl at google.com>
>>
>> On Thu, Mar 19, 2009 at 1:08 AM, Allen Tom <atom at yahoo-inc.com> wrote:
>> > Martin Atkins wrote:
>> >>
>> >> However, I'm hesitant to support it without some research to show that
>> >> existing RPs in the wild aren't doing DH over SSL, since such RPs would of
>> >> course be broken by such a change.
>> >>
>> > Last time I checked, most RPs were doing DH over SSL to the Yahoo OP. As
>> > you very correctly pointed out, we would not be able to turn DH off without
>> > breaking existing RPs, but it would be nice if the OpenID spec discouraged
>> > this behavior, so that we could eventually eliminate this redundancy.
>>
>> Is it redundant? If you do DH over SSL, then you negotiate a shared
>> secret that cannot be MitMed (unlike plain DH). This secret could then
>> be used to avoid the overhead of SSL for other transactions.
>>
>> > Also, based on our logs, it looks like some people were trying to learn how
>> > to implement DH while building their OpenID support. This is really not a
>> > good idea, and there's really no reason for RP developers to try to figure
>> > out DH if they don't have to.
>> >
>> > Personally, one of the most attractive traits of OpenID is its relative
>> > simplicity compared to other protocols, and that it only implements things
>> > that people really need. Instead of expanding the protocol on every
>> > revision, perhaps OpenID could set an example by removing things that aren't
>> > really used.
>> >
>> > Allen
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
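The association Ben describes, as an added example that is not from the thread or from any OpenID library: RP and OP run the OpenID 2.0 DH-SHA256 exchange to agree on a MAC key, and the RP then verifies a signed assertion with that key alone, with no SSL involved. The modulus is RFC 2409 group 2 standing in for the OpenID default (which the thread does not quote), and the assertion fields are constructed sample values.

```python
import hashlib, hmac, secrets
from base64 import b64encode
# RFC 2409 1024-bit MODP group 2 (generator 2), a stand-in for the OpenID 2.0 default
# modulus, which the thread does not quote. Illustration only: 1024 bits is too small today.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def btwoc(n: int) -> bytes:
    """OpenID 'btwoc': shortest big-endian two's complement, sign bit clear."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Party:
    """One end of the association exchange (RP or OP) holding a DH key pair."""
    def __init__(self) -> None:
        self.priv = secrets.randbelow(P - 2) + 1   # x in [1, p-2]
        self.pub = pow(G, self.priv, P)            # g^x mod p, sent in the clear

    def mask(self, other_pub: int) -> bytes:
        # DH-SHA256: the 32-byte mask is H(btwoc(g^xy mod p))
        return hashlib.sha256(btwoc(pow(other_pub, self.priv, P))).digest()

def sign(mac_key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over the key-value form 'name:value\\n' of the signed fields."""
    kv = "".join(f"{k}:{v}\n" for k, v in fields.items()).encode()
    return b64encode(hmac.new(mac_key, kv, hashlib.sha256).digest()).decode()

def verify(mac_key: bytes, fields: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(mac_key, fields), sig)

def run_association() -> tuple:
    rp, op = Party(), Party()
    # Nothing here authenticates the OP: the RP cannot tell op.pub from a value swapped
    # in transit, so plain DH does not stop a MitM; SSL around the exchange is what does.
    mac_key = secrets.token_bytes(32)                # chosen by the OP
    enc_mac_key = xor(mac_key, op.mask(rp.pub))      # sent to the RP alongside op.pub
    rp_mac_key = xor(enc_mac_key, rp.mask(op.pub))   # RP unmasks with its own x
    # Later assertions ride on the association key, with no SSL round trip.
    assertion = {"op_endpoint": "https://op.example/", "claimed_id": "https://alice.example/",
                 "response_nonce": "2009-03-19T14:19:28Zabc"}  # constructed sample fields
    sig = sign(mac_key, assertion)
    forged = dict(assertion, claimed_id="https://mallory.example/")
    return (rp_mac_key == mac_key, verify(rp_mac_key, assertion, sig),
            verify(rp_mac_key, forged, sig))
```

`run_association()` returns `(True, True, False)`: the RP recovers the OP's MAC key, the genuine assertion verifies, and the one with a swapped claimed_id does not.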