DH Support Optional on Servers?

Nathan D. Bowen nbowen+yadis at andtonic.com
Mon Jun 20 19:18:57 PDT 2005

I seem to remember non-DH sessions being allowed only to save some 
processing when associating over SSL, but as it stands, the spec makes 
it sound like DH is never required:

    If the server does not support DH, they may ignore the DH fields
    in the request and reply exactly as to a non-DH request.

Is this correct? Servers are not required to support DH at all, and a 
consumer requesting a DH session is only suggesting the use of DH, 
regardless of whether the connection is otherwise protected from 

More information about the yadis mailing list