OpenID status update
Jean-Luc Delatre
jld at club-internet.fr
Fri Jun 3 01:40:04 PDT 2005
Brad Fitzpatrick wrote:
>I don't have the necessary crypto background to do this on my own, and
>all my code/work is essentially done at this point, so I'm doing all I
>can to not push this live on LiveJournal /tonight/.
>
>
Yes indeed!
What's the point of spreading Yet Another Crock?
http://it.slashdot.org/comments.pl?sid=150061&cid=12580113
I don't agree *at all* with that rush forward.
There is no shortage of lousy software all over the place.
I would much prefer that enough time be given to Paul Crowley to review
the protocol with added contributions from list members.
I do agree with some of your points like no encryption in the core and
not sending private keys in the clear.
I don't have the necessary crypto background either but I try to educate
myself :
http://dimacs.rutgers.edu/Workshops/Security/program2/boyd/final.html
The fact that a protocol is difficult to understand does not mean that
it is diffcult to implement, the availability of proper
packages/libraries has more impact.
Cheers,
JLD
P.S. I have trouble with current test trials on livejournal, it appears
that some parameters names get mangled
in the returned page like 'openid_assert_identity' instead of
'openid.assert_identity', how's that?
More information about the yadis
mailing list