secret/secret_handle format/restrictions
Brad Fitzpatrick
brad at danga.com
Tue Jun 7 17:30:48 PDT 2005
Can we get some clarifications on the allowed lengths/formats of various
fields?
For secret and secret_handle, I wrote in my Perl docs:
The handle and secret must both be ASCII, 255 characters or less,
and not contain whitespace.
Now, in the DH case it doesn't matter as much about secret, because it's
hashed anyway, but it does matter for the secret_handle and the secret in
non-DH mode.
Also:
# openid.enc_secret = H(gx ^ y mod p) XOR secret(handle)
Should actually be:
# openid.enc_secret = base64(H(gx ^ y mod p) XOR secret(handle))
Paul, can you update specs throughout for all this sort of stuff? I'm
actually working right off the spec, as any other implementor would, not
from searching this mailing list.
Thanks,
Brad
More information about the yadis
mailing list