<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Peter,<div><br></div><div>I just looked into it a bit more for Martin.</div><div><br></div><div>I suspect the root of the issue is that MySpace like Yahoo is not supporting openID 1.1.</div><div><br></div><div>As a result of that they may not be supporting SHA1. </div><div><br></div><div>If an RP cant negotiate an association they should fall back to dumb mode and continue on.</div><div><br></div><div>If there is a issue with TypePad and LiveJournal then the issue may be on there side.</div><div><br></div><div>It should certainly be explored if those RPs are having issues with MySpace IDs.</div><div><br></div><div>I will chalk this up to normal interop issues rather than some larger policy until I see evidence to the contrary.</div><div><br></div><div>The OSIS tests are public including the source code on the new ones feel free to run them against any OP or RP you like.</div><div><br></div><div>Regards</div><div>John Bradley<br><div><div>On 2-Apr-09, at 9:25 PM, Peter Williams wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div lang="EN-US" link="blue" vlink="purple" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div class="Section1"><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Share this on the general list, if you feel it’s fair.<o:p></o:p></span></div><div style="border-top-style: none; border-right-style: none; border-left-style: none; border-width: initial; border-color: initial; border-bottom-style: solid; border-bottom-color: windowtext; border-bottom-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 1pt; padding-left: 0in; "><div style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">That’s fair enough. Let’s find out what the mix of non-normative extensions plus the praxis of policy management is, before we make *<b>any</b>* conclusions (or anyone infers any imputations). <o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">This is all a bit like Google’s announcement moment, where they had policy controls initially (for testing purposes) – before they learned the community really did want them to operate as an open system (which they did and do, as far as I know)<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">The openness test for a system (in a UCI movement, particularly) is<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Find an RP (e.g. some blog site handling authenticated comments).<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Find an OP (e.g. MySpace)<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Then See if - WITHOUT bilateral agreement – the OP subscriber ( i.e. myspace user) can freely wander to that RP, without the prior knowledge of a OP/Myspace administrator.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Though the RP may CERTAINLY reject an assertion on the grounds that the OP has insufficient trustworthiness (in the RP’s eyes), it’s hardly “openid” that an OP may limit the blog sites where a given op’s user may deposit his/her authenticated comment!?<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">If such a blog site accepting the openid assertion wants to use only a standard ciphersuite, we can easily test whether it can do so.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">If that all happens, and no bilateral contact is required to make it happen, then there is nothing to whine about. One should celebrate those parties.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Now, I don’t mind folks inducing particular networks of partners to set and use a higher standard than the norm. But, there must be no technical or policy or setup barrier to using the standard, just as it is.<o:p></o:p></span></div><div style="border-top-style: none; border-right-style: none; border-left-style: none; border-width: initial; border-color: initial; border-bottom-style: solid; border-bottom-color: windowtext; border-bottom-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 1pt; padding-left: 0in; "><div style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I’m more than happy with the wider position you advocate on ciphersuites, John. Now folks with the expertise in ciphers and ciphersuite design can and should go out and design their own ciphersuites, and quite properly use them in this community – without being labeled “unopenid”.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">It’s fascinating to see just how rapidly things are maturing. In the last few weeks, we have seen that its quite proper to exchange cleartext master session keys that are protected by “non standard” means (e.g. a privately-defined SSL ciphersuite), and now it’s quite proper to go design and use your own ciphersuite within openid auth v2 when providing data origin authentication service for the assertion (and any extensions). <o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I find this all very “OSI”! Feel free to use bilateral agreement where you see fit, but always fallback to the open standards and protocols where no bilateral agreement governs. So long as bilateral agreements are not mandatory for interworking in public networks (an OSI rule), this is all likely to be a very successful community formula. Nothing hampers innovation and communities of interest, but some reasonable minimum works …with no prior setup.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: blue; border-left-width: 1.5pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 4pt; "><div><div style="border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; border-top-style: solid; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>John Bradley [<a href="mailto:john.bradley@wingaa.com" style="color: blue; text-decoration: underline; ">mailto:john.bradley@wingaa.com</a>]<span class="Apple-converted-space"> </span><br><b>Sent:</b><span class="Apple-converted-space"> </span>Thursday, April 02, 2009 8:52 PM<br><b>To:</b><span class="Apple-converted-space"> </span>Peter Williams<br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [OpenID] My 2 Cents to the OpenID foundation<o:p></o:p></span></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">openID has no conformance requirement, unlike other protocols we are familiar with.<o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">We do have interop testing for openID through OSIS.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="http://osis.idcommons.net/" style="color: blue; text-decoration: underline; ">http://osis.idcommons.net/</a><o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I have sent a message to one of the developers at myspace asking if they would like to participate in the OSIS testing as an OP.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">They may or may not chose to submit themselves to a public interop. However anyone can run the OSIS tests against them.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">In a quick look at there OP (sadly I did have a myspace account but couldn't remember my password) I did not see any evidence of non-standard ciphersuites being required. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">If they do support HMAC-512 and someone negotiates a session using that the spec doesn't preclude that, as long as they support and negotiate the standard set.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Honestly we have more problems with people not supporting HMAC-SHA256 or DH than with people supporting extra stuff.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">If someone can point to a concrete issue with myspace I will look into it, but at this point people should refrain from making unsubstantiated claims about an OP who appears to be doing nothing wrong.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">The best answer is public interop testing then everyone in the community knows where OPs and RPs stand with respect to there conformance to the spec.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Regards<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">John Bradley<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On 2-Apr-09, at 8:31 PM, Peter Williams wrote:<o:p></o:p></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br><o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">So what is the community position on OPs who implement non standard features (e.g. ciphersuites) and require RPs to use them when interworking with that OP?<br><br>All parties in openid are peers and anyone of them would, could, and should set politics that will impacts its peers. But my assumption was that the peers would mandate features within the standard interworking set.<br><br><br><br><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">-----Original Message-----<o:p></o:p></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">From:<span class="Apple-converted-space"> </span><a href="mailto:general-bounces@openid.net" style="color: blue; text-decoration: underline; ">general-bounces@openid.net</a><span class="Apple-converted-space"> </span>[<a href="mailto:general-bounces@openid.net" style="color: blue; text-decoration: underline; ">mailto:general-bounces@openid.net</a>] On<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Behalf Of John Bradley<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Sent: Thursday, April 02, 2009 8:09 PM<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">To:<span class="Apple-converted-space"> </span><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Subject: Re: [OpenID] My 2 Cents to the OpenID foundation<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Martin,<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Myspace supports HMAC-SHA256 and DH-SHA256 for openID 2.0 in my<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">testing.<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">If they have a openID 2.0 interop issue please let me know and I will<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">attempt to capture it in an OSIS interop test. However I am not<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">seeing a problem with there associations, or anything else on a quick<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">look.<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Regards<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">John Bradley<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Prepared outgoing AssociateDiffieHellmanRequest (2.0) message for<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="http://api.myspace.com/openid" style="color: blue; text-decoration: underline; ">http://api.myspace.com/openid</a><o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">:<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.dh_modulus:<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">+YkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi/<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI+XUkKJX8Fvf8W8vsixYOr<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.dh_gen: Ag==<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.dh_consumer_public:<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">TNFXwmU9QTifKkmklQzq/ubOjdCjL5sHvm0SBy<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">+EbzM1ACH6leuq/MU8EGLNFHIRGW+pgzD8QNOrdymx7bYfUNoCgvhZUmzgZx<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">+Cxf3n9ZMepUEFVvwFFkj0Irv63JBYzy9TrGhMJoXHp09NEdMJ5RO0oPSJPLZZySq/<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">FWNF5Qg=<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.assoc_type: HMAC-SHA256<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.session_type: DH-SHA256<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.mode: associate<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> openid.ns:<span class="Apple-converted-space"> </span><a href="http://specs.openid.net/auth/2.0" style="color: blue; text-decoration: underline; ">http://specs.openid.net/auth/2.0</a><o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Processing incoming AssociateDiffieHellmanResponse (2.0) message:<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> dh_server_public: AKFvVHZ4LpjD+EkqDiJps36/<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">gWUI5N4WYBLg23TM0vIBdsaWgrq4s5BMmBO5Z7C+PygwSOmuzQNsn<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">+<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">fGd68a2sUuxQj9iIOls1ofnlCsXIzGQr8gt4aW0ZDjZs8hcypA9d3xetINIsTxQYi6GC8wJ<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">0fvVzu5so0TtlaITqCKQ6pI<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> enc_mac_key: hSkCJoXCmmQnnUTe0T2yGGerEmv/LbJ54dEymarLj4A=<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> assoc_handle: {{HMAC-SHA256}{1238725530.30107}{XCfj0g==}<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> assoc_type: HMAC-SHA256<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> session_type: DH-SHA256<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> expires_in: 1209599<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> ns:<span class="Apple-converted-space"> </span><a href="http://specs.openid.net/auth/2.0" style="color: blue; text-decoration: underline; ">http://specs.openid.net/auth/2.0</a><o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On 2-Apr-09, at 4:23 PM,<span class="Apple-converted-space"> </span><a href="mailto:general-request@openid.net" style="color: blue; text-decoration: underline; ">general-request@openid.net</a><span class="Apple-converted-space"> </span>wrote:<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Date: Thu, 02 Apr 2009 12:08:56 -0700<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">From: Martin Atkins <<a href="mailto:mart@degeneration.co.uk" style="color: blue; text-decoration: underline; ">mart@degeneration.co.uk</a>><o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Subject: Re: [OpenID] My 2 Cents to the OpenID foundation<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">To:<span class="Apple-converted-space"> </span><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Message-ID: <<a href="mailto:49D50D48.8030709@degeneration.co.uk" style="color: blue; text-decoration: underline; ">49D50D48.8030709@degeneration.co.uk</a>><o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Content-Type: text/plain; charset=ISO-8859-1; format=flowed<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">santrajan wrote:<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">myspace signatures are SHA512 not in Openid specs. The dont support<o:p></o:p></div></blockquote></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">SHA1 and<o:p></o:p></div></blockquote></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">SHA256.<o:p></o:p></div></blockquote></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Ahh. This explains the interop problems with various sites I tried.<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I guess they're getting this support from DotNetOpenId, which<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">supports<o:p></o:p></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">DH-SHA512.<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">It'd be good if MySpace could at least also enable SHA256 for interop<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">with compliant OpenID 2.0 implementations. (Though I'm aware of at<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">least a few implementations that currently only support SHA-1, but<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">that's certainly a problem since SHA-1 has been broken.)<o:p></o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></blockquote></blockquote><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div></div></div></span></blockquote></div><br></div></body></html>