shared secret alternative to DSA

Paul Crowley paul at
Mon Jun 6 00:43:57 PDT 2005

Jean-Luc Delatre wrote:
> You assume that this key is bound to the server, it could be per user.

I like it even more, but doing their own PK management is beyond the 
majority of OpenID users.  I hope it gets implemented someday, and I 
hope that clients get written that make it easy for the users, but it 
can wait for another protocol revision - it's not hard to make it work 
where both consumer and server support it, while falling back where they 

> Still rambling about "secrets in the clear", what about an SKEY scheme:

The author has re-invented Lamport's one-time signatures.  A recent 
scheme along these lines would be

This is a neat scheme, but the signatures are huge.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list