<div class="gmail_quote">2009/3/19 Ben Laurie <span dir="ltr"><<a href="mailto:benl@google.com">benl@google.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Thu, Mar 19, 2009 at 2:17 PM, Andrew Arnott <<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>> wrote:<br>
> Maybe it's just me, but I don't like the terminology we're using. DH and<br>
> SSL are only redundant when used together.<br>
<br>
</div>I don't understand why. As I said, DH over SSL gives you a shared<br>
secret, which SSL alone does not. Of course there are cheaper ways to<br>
arrive at a shared secret over SSL, but that's not the point.</blockquote><div><br></div><div>The shared secret is established whether you use DH or SSL to keep it from traveling in cleartext over the Internet. </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<div class="im"><br>
> Otherwise they're complementary.<br>
> If SSL cannot be used, for whatever reason, DH is mandatory.<br>
<br>
</div>But does not protect against MitM, and so is not equivalent. Which is<br>
not what "complementary" means to me.</blockquote><div>Fair enough. Although I don't think equivalence is necessary to consider them complementary. But to each his own. I respect your points. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
<div><div></div><div class="h5"><br>
> --<br>
> Andrew Arnott<br>
> "I [may] not agree with what you have to say, but I'll defend to the death<br>
> your right to say it." - Voltaire<br>
><br>
><br>
> 2009/3/19 Ben Laurie <<a href="mailto:benl@google.com">benl@google.com</a>><br>
>><br>
>> On Thu, Mar 19, 2009 at 1:08 AM, Allen Tom <<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>> wrote:<br>
>> > Martin Atkins wrote:<br>
>> >><br>
>> >> However, I'm hesitant to support it without some research to show that<br>
>> >> existing RPs in the wild aren't doing DH over SSL, since such RPs would<br>
>> >> of<br>
>> >> course be broken by such a change.<br>
>> >><br>
>> > Last time I checked, most RPs were doing DH over SSL to the Yahoo OP.<br>
>> > As<br>
>> > you very correctly pointed out, we would not be able to turn DH off<br>
>> > without<br>
>> > breaking existing RPs, but it would be nice if the OpenID spec<br>
>> > discouraged<br>
>> > this behavior, so that we could eventually eliminate this redundancy.<br>
>><br>
>> Is it redundant? If you do DH over SSL, then you negotiate a shared<br>
>> secret that cannot be MitMed (unlike plain DH). This secret could then<br>
>> be used to avoid the overhead of SSL for other transactions.<br>
>><br>
>> > Also, based on our logs, it looks like some people were trying to learn<br>
>> > how<br>
>> > to implement DH while building their OpenID support. This is really not<br>
>> > a<br>
>> > good idea, and there's really no reason for RP developers to try to<br>
>> > figure<br>
>> > out DH if they don't have to.<br>
>> ><br>
>> > Personally, one of the most attractive traits of OpenID is its relative<br>
>> > simplicity compared to other protocols, and that it only implements<br>
>> > things<br>
>> > that people really need. Instead of expanding the protocol on every<br>
>> > revision, perhaps OpenID could set an example by removing things that<br>
>> > aren't<br>
>> > really used.<br>
>> ><br>
>> > Allen<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > general mailing list<br>
>> > <a href="mailto:general@openid.net">general@openid.net</a><br>
>> > <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>> ><br>
</div></div></blockquote></div><br>
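The exchange the thread is arguing about, as an added example that is not part of the original messages or of any OpenID library: an RP and an OP run an OpenID 2.0 style DH-SHA256 association, the OP hands back its MAC key XORed with a hash of the DH shared secret, and the RP then uses the recovered MAC key to check the HMAC on a later assertion without any TLS on that leg. The group parameters are a constructed stand-in (the Mersenne prime 2^127-1 with generator 2, not the 1536-bit OpenID default modulus), and the field names in the sample assertion are illustrative. Note what the code does not do: nothing here authenticates the OP's public value, which is exactly why Ben's point stands that plain DH is open to an active man-in-the-middle and SSL on the association request is what closes that gap.

```python
"""Added example: DH-SHA256 association followed by MAC-key verification of an
assertion. Not code from the thread or from the OpenID project."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed stand-in group: Mersenne prime 2^127 - 1, generator 2.
# The real OpenID default modulus is a 1536-bit prime; this is for illustration only.
P = (1 << 127) - 1
G = 2


def btwoc(n: int) -> bytes:
    """Big-endian two's-complement encoding of a non-negative int (OpenID's btwoc)."""
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:          # high bit set: prepend 0x00 so the value stays positive
        b = b"\x00" + b
    return b


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dh_keypair(private: Optional[int] = None) -> Tuple[int, int]:
    """Return (private exponent, public value g^x mod p); exponent is random unless given."""
    x = private if private is not None else secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def op_respond(rp_public: int, mac_key: bytes, op_private: Optional[int] = None) -> Tuple[int, bytes]:
    """OP side: compute the shared secret and return (op_public, enc_mac_key).

    enc_mac_key = SHA256(btwoc(shared)) XOR mac_key, as in DH-SHA256 associations."""
    y, op_public = dh_keypair(op_private)
    shared = pow(rp_public, y, P)
    enc_mac_key = xor_bytes(hashlib.sha256(btwoc(shared)).digest(), mac_key)
    return op_public, enc_mac_key


def rp_recover(rp_private: int, op_public: int, enc_mac_key: bytes) -> bytes:
    """RP side: recompute the shared secret and strip the XOR mask to get the MAC key."""
    shared = pow(op_public, rp_private, P)
    return xor_bytes(hashlib.sha256(btwoc(shared)).digest(), enc_mac_key)


def sign_fields(mac_key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over 'key:value\\n' lines, the form OpenID signs (field order matters)."""
    data = "".join(f"{k}:{v}\n" for k, v in fields.items()).encode()
    return hmac.new(mac_key, data, hashlib.sha256).hexdigest()


def verify_fields(mac_key: bytes, fields: dict, sig: str) -> bool:
    return hmac.compare_digest(sign_fields(mac_key, fields), sig)


def run_association(rp_private: Optional[int] = None, op_private: Optional[int] = None):
    """Run one association, then verify a genuine and a tampered assertion with the recovered key.

    Returns (rp_recovered_same_key, genuine_verifies, tampered_verifies)."""
    mac_key = secrets.token_bytes(32)             # OP picks the association's MAC key
    x, rp_public = dh_keypair(rp_private)         # RP: association request carries rp_public
    op_public, enc = op_respond(rp_public, mac_key, op_private)
    recovered = rp_recover(x, op_public, enc)     # RP now holds the same MAC key as the OP

    # Constructed sample assertion; the OP signs it with the MAC key, no TLS needed on this leg.
    assertion = {
        "openid.mode": "id_res",
        "openid.claimed_id": "https://example.invalid/alice",
        "openid.response_nonce": "2009-03-19T14:17:00Zabc",
    }
    sig = sign_fields(mac_key, assertion)
    tampered = dict(assertion, **{"openid.claimed_id": "https://example.invalid/mallory"})
    return (
        recovered == mac_key,
        verify_fields(recovered, assertion, sig),
        verify_fields(recovered, tampered, sig),
    )


if __name__ == "__main__":
    print(run_association())
```

Fixed private exponents are accepted by run_association only so the exchange can be reproduced deterministically in a test; in practice both sides draw fresh random exponents per association, as dh_keypair does by default.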