Improving OpenIDs use of cryptography 1 - using a MAC

Brad Fitzpatrick brad at
Thu Jun 2 11:35:29 PDT 2005

On Thu, 2 Jun 2005, Paul Crowley wrote:

> Brad Fitzpatrick wrote:
> > Somewhat related, Ben Trott brought up using Diffie-Hellman for shared
> > secret exchange, rather than trusting that connections can't be sniffed.
> > Thoughts on that? I don't know enough about it, like how much p and g can
> > be re-used.  I also haven't thought up who would generate p/g and what the
> > HTTP requests would look like.
> I can't see any point in this.  We already agree that an active attack
> is the most likely sort, and they will have no difficulty breaking this
> measure, so it would introduce enormous complexity in the implementation
> to very little gain.

I was hoping you'd say that.

- Brad

More information about the yadis mailing list