Request for comments: Sorting fields in signature generation - Call for votes
Dick Hardt
dick at sxip.com
Wed Sep 27 19:29:40 UTC 2006
On 27-Sep-06, at 12:20 PM, Josh Hoyt wrote:
> On 9/27/06, Marius Scurtescu <marius at sxip.com> wrote:
>> please keep in mind that we are not asking for some fancy new
>> technology or feature, just conformance with a very basic and
>> widespread convention of handling parameters in HTTP/HTML.
This issue was brought up because the signing algorithm assumes there
is only one parameter of a given name.
If the SIGNALL algorithm took all the name / value pairs and sorted
them by byte order, then concatenated them, this would not be an
issue. If there is a need for multiple parameters in a message in the
future, it can be done, and this algorithm means the openid.signed
parameter is not needed. That would seem to be a simpler algorithm
and solution.
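The sort-and-concatenate approach suggested in the message above, as an added example (not part of the original post and not taken from any OpenID specification text). The `name:value\n` framing, HMAC-SHA256, the `openid.sig` field name, the helper names and the sample messages are assumptions made for illustration; the single-valued variant is included only to show what a one-value-per-name signer cannot represent.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

SIG_FIELD = "openid.sig"  # assumed name of the field carrying the MAC; never signed

def parse_pairs(query):
    """Keep every name/value pair, including repeated names and empty values."""
    return parse_qsl(query, keep_blank_values=True)

def sorted_pairs_input(pairs):
    """Signing input: all pairs, sorted by byte order (name, then value), concatenated."""
    encoded = []
    for name, value in pairs:
        if name == SIG_FIELD:
            continue
        n, v = name.encode("utf-8"), value.encode("utf-8")
        # "name:value\n" framing is an assumption; refuse bytes that would blur it.
        if b":" in n or b"\n" in n or b"\n" in v:
            raise ValueError("pair cannot be framed unambiguously: %r" % name)
        encoded.append((n, v))
    return b"".join(n + b":" + v + b"\n" for n, v in sorted(encoded))

def single_valued_input(pairs):
    """Contrast: one value per name (last one wins), as a map-based signer sees it."""
    return sorted_pairs_input(list(dict(pairs).items()))

def sign(key, signing_input):
    # HMAC-SHA256 is an assumption; the message does not name a MAC.
    return hmac.new(key, signing_input, hashlib.sha256).hexdigest()

def verify(key, query):
    pairs = parse_pairs(query)
    claimed = [v for n, v in pairs if n == SIG_FIELD]
    expected = sign(key, sorted_pairs_input(pairs))
    return len(claimed) == 1 and hmac.compare_digest(claimed[0].encode(), expected.encode())

# Constructed sample messages: MSG_B repeats the name "ext.lang".
KEY = b"constructed-demo-key"
MSG_A = "openid.mode=id_res&ext.lang=en"
MSG_B = "ext.lang=fr&openid.mode=id_res&ext.lang=en"
```

Because every pair is in the signing input, the verifier needs no separate list of signed fields, and the result does not depend on the order in which the parameters arrive.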