Improving OpenIDs use of cryptography 1 - using a MAC
paul at ciphergoth.org
Thu Jun 2 11:31:27 PDT 2005
Brad Fitzpatrick wrote:
> Somewhat related, Ben Trott brought up using Diffie-Hellman for shared
> secret exchange, rather than trusting that connections can't be sniffed.
> Thoughts on that? I don't know enough about it, like how much p and g can
> be re-used. I also haven't thought up who would generate p/g and what the
> HTTP requests would look like.
I can't see any point in this. We already agree that an active attack
is the most likely sort, and they will have no difficulty breaking this
measure, so it would introduce enormous complexity in the implementation
to very little gain.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis