secret/secret_handle format/restrictions

Brad Fitzpatrick brad at
Tue Jun 7 17:30:48 PDT 2005

Can we get some clarifications on the allowed lengths/formats of various

For secret and secret_handle, I wrote in my Perl docs:

   The handle and secret must both be ASCII, 255 characters or less,
   and not contain whitespace.

Now, in the DH case it doesn't matter as much about secret, because it's
hashed anyway, but it does matter for the secret_handle and the secret in
non-DH mode.


    # openid.enc_secret = H(gx ^ y mod p) XOR secret(handle)

Should actually be:

    # openid.enc_secret = base64(H(gx ^ y mod p) XOR secret(handle))

Paul, can you update specs throughout for all this sort of stuff?  I'm
actually working right off the spec, as any other implementor would, not
from searching this mailing list.


More information about the yadis mailing list