Proposed Specification for New Consumer-Server Commnunications

Brad Fitzpatrick brad at
Thu Jun 9 15:39:44 PDT 2005

On Thu, 9 Jun 2005, Paul Crowley wrote:

> Brad Fitzpatrick wrote:
> > I'd like to call it "shared_secret" to distinguish from the server-only
> > secrets, and to make it more clear that both parties have that
> > shared_secret.
> I slightly prefer mac_secret, since it's possible to imagine that future
> protocols might include other secrets.  Or come to think of it, mac_key,
> which is even more straightforward and even shorter.
> Thanks for continuing to push for this sort of thing, it's making a
> better protocol in a way that will last.  Brad, you let us know when
> you're tired of changing your Perl code and we'll call a halt to it :-)

You have 1 week and 3 days, then it's frozen.  (when I get back from

At that time, on Monday morning Jun 20th US/Pacific, I'll click forward
through the diffs on the wiki and implement what's there.  (Assuming
nothing's confusing or controversial...)

> > I don't like gx and gy either.  server_public and consumer_public sound
> > great.
> Done.  Also done the POST thing.

I should reply to emails after I've read all my existing inbox.  Cool.

You guys should start a new thread and debate error handling next.  (error
handling that's not security-related, but server-error/config related)

- Brad

More information about the yadis mailing list