Field separators

Paul Crowley paul at
Sun Jun 5 16:48:01 PDT 2005

Brad Fitzpatrick wrote:
> I'd have to spend some time reading before I'd understand it.  I'll hope
> you side towards the simplest thing necessary for our requirements and
> then maybe I won't have to do any more reading.  :-)  Let me know if I do,
> though.

It's pretty simple.  Just choose x and y to be less than q, rather than 
less than p, and everything else stays the same.

We could do without but it's warm fuzzies for the cryptographer at 
little cost here...

> So maybe change:
>    # openid.auth_type = 'hmac-sha1'
> Into:
>    # openid.auth_type = 'hmac'
>    # openid.hash_pref = 'sha256,tiger,sha1'

Or just
      openid.auth_pref = 'hmac-sha1,hmac-tiger,ecdsa-sha256'

in the call to get_authkey.  But I think this is making things too 
complex.  Consumers should just call get_authkey for their favourite 
auth type, and try again with their next favourite if it's not supported.

I've updated the spec to include these latest changes, and added dumb 
consumer mode.

How will you move to the new protocol?  Should the code that implements 
the new protocol attempt to be backward compatible with existing 
servers/consumers?  It's certainly possible to write backwards 
compatible code, but I'd be inclined to set a cutoff date after which LJ 
won't support the old protocol and support will be removed from the CPAN 
modules, to make sure people don't assume it will be around forever.
\/ o\ Paul Crowley, paul at
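
An added sketch (not code from the original message or from any OpenID implementation) of the two negotiation styles discussed above: retrying get_authkey once per auth type, versus sending a single openid.auth_pref list. The ToyServer class, the UnsupportedAuthType error, the order of FAVOURITES and the return value (the agreed type rather than a key) are assumptions made for illustration.

```python
# Added illustration; the server model and error signalling are assumptions.
class UnsupportedAuthType(Exception):
    """Hypothetical signal that the server does not offer the requested type."""


class ToyServer:
    """Constructed stand-in for an identity server; counts requests received."""

    def __init__(self, supported):
        self.supported = set(supported)
        self.requests = 0

    def get_authkey(self, params):
        self.requests += 1
        if "openid.auth_pref" in params:
            # One-shot design: the server has to parse and walk a list.
            for auth_type in params["openid.auth_pref"].split(","):
                if auth_type in self.supported:
                    return auth_type
            raise UnsupportedAuthType(params["openid.auth_pref"])
        # Retry design: the server only answers yes or no for one type.
        auth_type = params["openid.auth_type"]
        if auth_type not in self.supported:
            raise UnsupportedAuthType(auth_type)
        return auth_type


def negotiate_by_retry(server, favourites):
    """Ask for each favourite in order; stop at the first the server accepts."""
    for auth_type in favourites:
        try:
            return server.get_authkey({"openid.auth_type": auth_type})
        except UnsupportedAuthType:
            continue
    # The consumer never ends up with a type outside its own list.
    raise UnsupportedAuthType(",".join(favourites))


def negotiate_by_pref_list(server, favourites):
    """Send the whole ordered list in a single call."""
    return server.get_authkey({"openid.auth_pref": ",".join(favourites)})


FAVOURITES = ["ecdsa-sha256", "hmac-tiger", "hmac-sha1"]  # constructed order
```

Both styles settle on the same auth type; the retry style keeps the server logic simpler at the cost of one extra request per unsupported favourite.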

More information about the yadis mailing list