Improving OpenID's use of cryptography 1 - using a MAC
Brad Fitzpatrick
brad at danga.com
Thu Jun 2 11:35:29 PDT 2005

On Thu, 2 Jun 2005, Paul Crowley wrote:
> Brad Fitzpatrick wrote:
> > Somewhat related, Ben Trott brought up using Diffie-Hellman for shared
> > secret exchange, rather than trusting that connections can't be sniffed.
> > Thoughts on that? I don't know enough about it, like how much p and g can
> > be re-used. I also haven't thought up who would generate p/g and what the
> > HTTP requests would look like.
>
> I can't see any point in this. We already agree that an active attack
> is the most likely sort, and they will have no difficulty breaking this
> measure, so it would introduce enormous complexity in the implementation
> to very little gain.

I was hoping you'd say that.

- Brad

More information about the yadis mailing list