[OpenID] D-H vs SSL
Andrew Arnott
andrewarnott at gmail.com
Thu Mar 19 17:28:01 UTC 2009
2009/3/19 Ben Laurie <benl at google.com>
> On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <andrewarnott at gmail.com>
> wrote:
> > Maybe it's just me, but I don't like the terminology we're using. DH and
> > SSL are only redundant when used together.
>
> I don't understand why. As I said, DH over SSL gives you a shared
> secret, which SSL alone does not. Of course there are cheaper ways to
> arrive at a shared secret over SSL, but that's not the point.
The shared secret is established whether you use DH or SSL to keep it from
traveling in cleartext over the Internet.
>
>
> > Otherwise they're complementary.
> > If SSL cannot be used, for whatever reason, DH is mandatory.
>
> But does not protect against MitM, and so is not equivalent. Which is
> not what "complementary" means to me.
Fair enough. Although I don't think equivalence is necessary to consider
them complementary. But to each his own. I respect your points.
>
>
> > --
> > Andrew Arnott
> > "I [may] not agree with what you have to say, but I'll defend to the death
> > your right to say it." - Voltaire
> >
> >
> > 2009/3/19 Ben Laurie <benl at google.com>
> >>
> >> On Thu, Mar 19, 2009 at 1:08 AM, Allen Tom <atom at yahoo-inc.com> wrote:
> >> > Martin Atkins wrote:
> >> >>
> >> >> However, I'm hesitant to support it without some research to show that
> >> >> existing RPs in the wild aren't doing DH over SSL, since such RPs would
> >> >> of course be broken by such a change.
> >> >>
> >> > Last time I checked, most RPs were doing DH over SSL to the Yahoo OP. As
> >> > you very correctly pointed out, we would not be able to turn DH off without
> >> > breaking existing RPs, but it would be nice if the OpenID spec discouraged
> >> > this behavior, so that we could eventually eliminate this redundancy.
> >>
> >> Is it redundant? If you do DH over SSL, then you negotiate a shared
> >> secret that cannot be MitMed (unlike plain DH). This secret could then
> >> be used to avoid the overhead of SSL for other transactions.
> >>
> >> > Also, based on our logs, it looks like some people were trying to learn how
> >> > to implement DH while building their OpenID support. This is really not a
> >> > good idea, and there's really no reason for RP developers to try to figure
> >> > out DH if they don't have to.
> >> >
> >> > Personally, one of the most attractive traits of OpenID is its relative
> >> > simplicity compared to other protocols, and that it only implements things
> >> > that people really need. Instead of expanding the protocol on every
> >> > revision, perhaps OpenID could set an example by removing things that aren't
> >> > really used.
> >> >
> >> > Allen
> >> >
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > general mailing list
> >> > general at openid.net
> >> > http://openid.net/mailman/listinfo/general
> >> >