cachability of delegated identity URLs / Consumer-Server comms
Brad Fitzpatrick
brad at danga.com
Thu Jun 9 08:52:55 PDT 2005
On Thu, 9 Jun 2005, Paul Crowley wrote:
> Ken Horn wrote:
> > Isn't re-request the replacement path? On the DSA flow (dare I call it
> > version 1? :), every time I started my process it used fresh keys --
> > worked fine.
>
> Best to call it version 0, I suspect. That version makes it explicit
> that the DSA keys can be cached, and it doesn't say for how long.

In defense of version 0, and my Perl implementation of it, it worked like
this:

    if (DSA public key cached) {
        if (signature verifies)
            return GOOD
    }
    fetch and cache public key
    if (signature verifies)
        return GOOD
    else
        return FAIL

So you could change your public key any time you wanted.
- Brad
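
Added example, not part of the original message and not Brad's Perl implementation: a Python sketch of the cache-then-re-fetch flow described above, run through a key rotation and a forged signature. The class and function names, the identity URL and the keys are constructed for illustration, and HMAC-SHA256 stands in for DSA so the block runs with the standard library only.

```python
import hashlib
import hmac

class CachingVerifier:
    """Verify with the cached key first; on a miss or failure, re-fetch once."""

    def __init__(self, fetch_key, verify):
        self.fetch_key = fetch_key   # hypothetical: identity URL -> current key
        self.verify = verify         # hypothetical: (key, msg, sig) -> bool
        self.cache = {}
        self.fetches = 0             # counts trips to the identity server

    def check(self, url, msg, sig):
        key = self.cache.get(url)
        if key is not None and self.verify(key, msg, sig):
            return "GOOD"
        # Cached key absent or stale: fetch the current key and retry once.
        self.fetches += 1
        key = self.fetch_key(url)
        self.cache[url] = key
        return "GOOD" if self.verify(key, msg, sig) else "FAIL"

# Stand-in for DSA (assumption): with HMAC the same bytes sign and verify.
# Real code would verify a DSA signature against the fetched public key.
def sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, sig):
    return hmac.compare_digest(sign(key, msg), sig)

def demo():
    url = "http://user.example/"           # constructed identity URL
    published = {url: b"key-1"}            # constructed: what the server serves
    v = CachingVerifier(published.__getitem__, verify)
    msg = b"assertion"
    results = [v.check(url, msg, sign(b"key-1", msg))]       # cold cache: fetch
    results.append(v.check(url, msg, sign(b"key-1", msg)))   # cache hit: no fetch
    published[url] = b"key-2"                                # owner rotates the key
    results.append(v.check(url, msg, sign(b"key-2", msg)))   # stale cache: re-fetch
    results.append(v.check(url, msg, b"\x00" * 32))          # forged: re-fetch, FAIL
    return results, v.fetches

if __name__ == "__main__":
    print(demo())
```

Every signature that fails against the cached key costs one fetch, so a consumer running this flow would want to rate-limit re-fetches per identity URL.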
More information about the yadis mailing list