shared secret alternative to DSA

Paul Crowley paul at ciphergoth.org
Mon Jun 6 00:43:57 PDT 2005


Jean-Luc Delatre wrote:
> You assume that this key is bound to the server, it could be per user.

I like it even more, but doing their own PK management is beyond the 
majority of OpenID users.  I hope it gets implemented someday, and I 
hope that clients get written that make it easy for the users, but it 
can wait for another protocol revision - it's not hard to make it work 
where both consumer and server support it, while falling back where they 
don't.

> Still rambling about "secrets in the clear", what about an SKEY scheme:
> 
> http://www.derkeiler.com/Newsgroups/sci.crypt/2003-03/0694.html
> http://www.derkeiler.com/Newsgroups/sci.crypt/2003-03/0767.html

The author has re-invented Lamport's one-time signatures.  A recent 
scheme along these lines would be http://eprint.iacr.org/2002/014

This is a neat scheme, but the signatures are huge.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

