shared secret alternative to DSA
Paul Crowley
paul at ciphergoth.org
Mon Jun 6 00:43:57 PDT 2005
Jean-Luc Delatre wrote:
> You assume that this key is bound to the server, it could be per user.

I like it even more, but doing their own PK management is beyond the
majority of OpenID users. I hope it gets implemented someday, and I
hope that clients get written that make it easy for the users, but it
can wait for another protocol revision - it's not hard to make it work
where both consumer and server support it, while falling back where they
don't.

> Still rambling about "secrets in the clear", what about an SKEY scheme:
>
> http://www.derkeiler.com/Newsgroups/sci.crypt/2003-03/0694.html
> http://www.derkeiler.com/Newsgroups/sci.crypt/2003-03/0767.html

The author has re-invented Lamport's one-time signatures. A recent
scheme along these lines would be http://eprint.iacr.org/2002/014

This is a neat scheme, but the signatures are huge.
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/