public key request
Clarke, Trevor
tclarke at ball.com
Tue May 24 10:49:54 PDT 2005
Currently, opened.bml?openid.mode=getpubkey returns a DSA pubkey in
SSLeay format. This should probably be changed. This is a deprecated
compat format which has some issues....mostly, it has no hash or
signature associated with it so it's easy to exploit a know DSA flaw.
(replacing 2 of the parameters, getting a signature, deducing the
private key from the result). It should really give an x509 cert (which
would allow DSA or RSA). These are also much easier to work with as most
DSA libraries don't support SSLeasy format PEM public keys (just sslway
and openssl AFAIK and many openssl wrappers don't support it). Could lj
start exporting a cert instead of a DSA pubkey? It's pretty easy to do
so with openssl...there are many recipes on the net for creating
self-signed certs.
------------------------------
Trevor R.H. Clarke
tclarke at ball com <mailto:tclarke at ball.com>
Ball Aerospace & Technologies Corp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20050524/88f68963/attachment.htm
More information about the yadis
mailing list