HMAC-256 vs HMAC-SHA256 for openid.assoc_type
Manger, James H
James.H.Manger at team.telstra.com
Wed Oct 31 04:48:59 UTC 2007
Is the correct value for the openid.assoc_type parameter really “HMAC-256”, and not “HMAC-SHA256”? That is what the spec (draft 12) says, though it is somewhat counter-intuitive given the algorithm is named “HMAC-SHA256” and the other algorithm “HMAC-SHA1” uses the same string for the algorithm name and assoc_type value.
Googling for "assoc_type=HMAC-SHA256" finds 5 results (from 3 code bases?).
Googling for "assoc_type=HMAC-256" finds none.
http://openid.net/specs/openid-authentication-2_0-12.html#assoc_types
“8.3.2. HMAC-SHA256
An association of type "HMAC-256" uses the HMAC-SHA256 (Signature Algorithms) signature algorithm.”
More information about the specs
mailing list