cachability of delegated identity URLs / Consumer-Server comms

Brad Fitzpatrick brad at
Thu Jun 9 08:52:55 PDT 2005

On Thu, 9 Jun 2005, Paul Crowley wrote:

> Ken Horn wrote:
> > Isn't re-request the replacement path? On the DSA flow (dare I call it
> > version 1? :), every time I started my process it used fresh keys --
> > worked fine.
> Best to call it version 0, I suspect.  That version makes it explicit
> that the DSA keys can be cached, and it doesn't say for how long.

In defense of version 0, and my Perl implementation of it, it worked like

  if (DSA public key cached) {
      if (signature verifies)
          return GOOD
  }
  fetch and cache public key
  if (signature verifies)
      return GOOD
  return FAIL

So you could change your public key any time you wanted.

- Brad
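
The flow in the pseudocode above, as a runnable sketch (an added example, not part of the original post and not the Perl implementation it mentions). HMAC-SHA256 stands in for DSA so it runs on the standard library alone; `CachingVerifier`, `toy_sign`, `toy_verify`, the URL and the key values are all hypothetical.

```python
import hashlib
import hmac

GOOD, FAIL = "GOOD", "FAIL"

class CachingVerifier:
    """Try the cached key first; on a miss or a failed check, re-fetch once and retry."""

    def __init__(self, fetch_key, verify):
        self.fetch_key = fetch_key  # hypothetical callable: URL -> currently published key
        self.verify = verify        # hypothetical callable: (key, message, signature) -> bool
        self.cache = {}
        self.fetches = 0            # counted so the cost of bad signatures is visible

    def check(self, url, message, signature):
        key = self.cache.get(url)
        if key is not None and self.verify(key, message, signature):
            return GOOD
        # Cache miss or stale key: fetch and cache the published key, then retry once.
        key = self.fetch_key(url)
        self.fetches += 1
        self.cache[url] = key
        return GOOD if self.verify(key, message, signature) else FAIL

# Stand-in for DSA (assumption): HMAC-SHA256, where the "published key"
# doubles as the signing key. Real DSA would publish only the public half.
def toy_sign(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def toy_verify(key, message, signature):
    return hmac.compare_digest(toy_sign(key, message), signature)

def demo():
    url, msg = "https://id.example/alice", b"assert_identity"  # constructed sample data
    published = {url: b"key-1"}
    v = CachingVerifier(published.__getitem__, toy_verify)
    results = [v.check(url, msg, toy_sign(b"key-1", msg))]      # cold cache: one fetch
    results.append(v.check(url, msg, toy_sign(b"key-1", msg)))  # cache hit: no fetch
    published[url] = b"key-2"                                   # key is rotated
    results.append(v.check(url, msg, toy_sign(b"key-2", msg)))  # stale cache: re-fetch
    results.append(v.check(url, msg, b"\x00" * 32))             # forgery: re-fetch, FAIL
    return results, v.fetches

if __name__ == "__main__":
    print(demo())
```

The last call in `demo()` shows that every signature that fails against the cached key costs one fetch, including forged ones.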

