[OpenID] rationale behind short-lived associations
Johannes Ernst
jernst+openid.net at netmesh.us
Sun Nov 29 20:26:10 UTC 2009
I think it's because SSH keys are public/private key pairs, while OpenID associations are symmetric, i.e. two parties have to keep them safe and either of them has to trust the other that they keep them safe. (At least that's my guess ...) In the asymmetric case, nothing bad happens if a third party discovers somebody else's public key.
Coincidentally, that's one of the reasons that we based LID on public key pairs instead of symmetric keys.
As you point out, making the lifetime shorter improves one thing but makes another thing harder; there's a tradeoff there.
On Nov 29, 2009, at 10:34, Will Norris wrote:
> One question has been bugging me for a while after reading the ICAM OpenID profile[0]. The ICAM profile specifies that associations must expire within at least 24 hours. What's the rationale behind this?
>
> Or put another way, what about the benefits of using long-lived associations? Take SSH host keys for example. They MUST be long lived to actually serve the purpose they are intended for... to ensure that host you're talking to today is the same host you talked to yesterday, and the day before that. Now for the really paranoid, you would verify the SSH host key out of band some way, but I'm certainly not suggesting that (I've gotten my fill of that with SAML metadata exchange). But even without the out of band verification, there is a lot of value just in having the host key long lived.
>
> Why are these same principles not applied to OpenID associations? Am I overloading the purpose of the association?
>
> [0]: http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
>
> -will
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
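The contrast Johannes draws above, worked through as an added example (it is not code from the thread, from OpenID libraries or from LID): an OpenID 2.0-style association is a MAC key that the OP and the RP both hold, so a copy lifted from either side signs assertions just as well as the OP does, and only the association's expiry ends that; the verifying half of an asymmetric key pair, by contrast, can be given to anyone. Assumptions: the Diffie-Hellman step that establishes the association key is replaced by a directly generated random key, the asymmetric side is textbook RSA over fixed toy primes rather than a real host-key algorithm, and the identities, URLs and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import os

# ---- Symmetric: an OpenID 2.0-style association (shared HMAC-SHA256 key) ----

def new_association(issued_at, lifetime_seconds):
    """What OP and RP each hold after association: the SAME mac_key.
    Real OpenID derives it via Diffie-Hellman; here it is simply random (assumption)."""
    return {
        "handle": base64.b64encode(os.urandom(12)).decode(),
        "mac_key": os.urandom(32),                  # HMAC-SHA256 association type
        "expires": issued_at + lifetime_seconds,
    }


def kv_form(fields, signed_keys):
    """OpenID key-value encoding of the signed fields, in openid.signed order."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed_keys)


def sign_with_mac_key(mac_key, fields):
    """Whoever holds mac_key produces a valid openid.sig: the OP legitimately,
    or anyone who copied the key from either party's store."""
    signed = fields["openid.signed"].split(",")
    mac = hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha256).digest()
    return {**fields, "openid.sig": base64.b64encode(mac).decode()}


def rp_verify(assoc, fields, now):
    """RP side: handle must match an unexpired association, then the HMAC is
    recomputed. Expiry is the only thing that ends a leaked key's usefulness."""
    if fields.get("openid.assoc_handle") != assoc["handle"] or now >= assoc["expires"]:
        return False
    signed = fields["openid.signed"].split(",")
    expected = hmac.new(assoc["mac_key"], kv_form(fields, signed).encode(), hashlib.sha256).digest()
    try:
        return hmac.compare_digest(expected, base64.b64decode(fields["openid.sig"]))
    except (KeyError, ValueError):
        return False


def positive_assertion(assoc, claimed_id):
    """Skeleton of an id_res response; all values are constructed samples."""
    return {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/openid",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": "https://rp.example/finish",
        "openid.response_nonce": "2009-11-29T20:26:10ZAbCdEf",
        "openid.assoc_handle": assoc["handle"],
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }


def symmetric_scenario(lifetime_seconds=24 * 3600):
    """What the RP accepts: a genuine assertion, a forgery made with the RP's
    own copy of the key while the association is live, and the same forgery
    once the association has expired."""
    t0 = 1_259_526_370                              # arbitrary epoch seconds
    assoc = new_association(t0, lifetime_seconds)
    genuine = sign_with_mac_key(assoc["mac_key"], positive_assertion(assoc, "https://alice.example/"))
    # Attacker read mac_key out of the RP's datastore, not the OP's, and
    # asserts a different identity. Same key, same HMAC.
    forged = sign_with_mac_key(assoc["mac_key"], positive_assertion(assoc, "https://admin.example/"))
    return {
        "genuine_accepted": rp_verify(assoc, genuine, t0 + 60),
        "forged_accepted_while_live": rp_verify(assoc, forged, t0 + 3600),
        "forged_accepted_after_expiry": rp_verify(assoc, forged, t0 + lifetime_seconds),
    }


# ---- Asymmetric: a toy RSA "host key" (textbook RSA, toy primes) ------------

P, Q = 2**61 - 1, 2**89 - 1                         # Mersenne primes; toy size only
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))                   # private exponent, stays on the host


def digest_int(message):
    # 128-bit truncation keeps the value below N; a toy, not PKCS#1 padding.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def host_sign(private_d, message):
    return pow(digest_int(message), private_d, N)


def client_verify(public_e, message, sig):
    return pow(sig, public_e, N) == digest_int(message)


def asymmetric_scenario():
    """Verifiers hold only (N, E). A third party learning them gains nothing
    to sign with; replaying a real signature on other data fails."""
    msg = b"host=op.example session=1"
    sig = host_sign(D, msg)
    return {
        "genuine_accepted": client_verify(E, msg, sig),
        "replayed_on_other_message": client_verify(E, b"host=op.example session=2", sig),
    }
```

Calling `symmetric_scenario()` shows the forged assertion accepted until the association expires, which is the window a shorter lifetime narrows; `asymmetric_scenario()` shows why the same lifetime pressure does not apply to a public key, since the material a verifier holds cannot produce signatures.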