DH Support and Marketing

Paul Crowley paul at ciphergoth.org
Wed Jun 22 23:47:22 PDT 2005

On Wed, 2005-06-22 at 19:56 -0500, Nathan D. Bowen wrote:
> If consumers have the option to request cleartext key exchanges, a 
> server can't protect its keys from eavesdroppers without occasionally 
> turning away spec-compliant consumers (or dropping the cash for SSL).
> If servers have the option to ignore a request for encryption, a 
> consumer can't protect all its servers' keys without occasionally 
> turning away spec-compliant servers.

The security of the whole authentication process will be determined by
whichever is least secure of the server and the consumer.  That's
unavoidable.  If attackers can break into either of those machines and
read the keys from the hard drive, for example, then the security is

In practice, I anticipate that nearly all servers and consumers will
support and use DH.  If a server doesn't support it, they must have a
reason for it: perhaps they're operating in some very constrained
environment that makes DH support very difficult.  I don't want to rule
out such servers from participating in OpenID when the security gains
from using DH are so marginal.

If a consumer is really concerned about it, as Brian Smith observes they
can use dumb mode for those servers that don't support DH.
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list