IRC Log for #openid on 2007-03-13

Timestamps are in UTC.

  1. [00:09:14] * punter (n=punter@ipa146.28.91.tellas.gr) has joined #openid
  2. [00:09:50] <punter> Does checkid_setup need a nonce?
  3. [00:10:04] <punter> (The spec doesn't mention at that point)
  4. [00:10:59] <_keturn> it's good practice for a 1.1 rp to include a nonce in the reply_to to avoid replay attacks. In 2.0, the server will include a nonce in the id_res reply.
  5. [00:12:05] <punter> ok, one more question
  6. [00:12:22] <punter> a function based solely on $time, that's not a nonce is it?
  7. [00:13:21] * PatF (i=Patrick@nat/novell/x-ae77c73b94b25363) Quit (Read error: 110 (Connection timed out))
  8. [00:13:49] <_keturn> it's a nonce as long as you only accept one message with that exact value.
  9. [00:13:56] <punter> ...because $time will be the time at which the visitor was sent to IdP, not the time at which the visitor returns to the consumer website
  10. [00:14:51] <punter> Ok, I'm trying to create a completely stateless, with no writes to the hard disk or the database - that's not possible is it?
  11. [00:15:44] <punter> I'm just trying to make a "hello john.blogspot.com" (after verifying his openid first) application that doesn't need to write anything to my hard disk
  12. [00:15:47] <punter> that's not possible is it?
  13. [00:16:16] <_keturn> I don't think it's possible to avoid replay attacks without storing some state, no.
  14. [00:23:22] <punter> Ok, one more: nonces are needed for smart mode only or for both?
  15. [00:23:35] <punter> (this is the last one)
  16. [00:24:04] <punter> (I'm having this question because the openid provider I'm testing with, doesn't need nonces in dumb mode)
  17. [00:24:20] <punter> (But I wonder if that's true for all servers)
  18. [00:25:24] <punter> It's not in the spec, so I guess it's necessary for both modes.
  19. [00:25:28] <punter> k
  20. [00:25:31] <punter> bye :-)
  21. [00:27:04] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 113 (No route to host))
  22. [00:31:04] * daleolds (n=daleolds@137.65.132.58) has left #openid
  23. [00:33:38] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  24. [00:59:39] * punter (n=punter@ipa146.28.91.tellas.gr) Quit ()
  25. [01:01:17] * aconbere|work (n=aconbere@mail.geonerco.com) Quit ("Lost terminal")
  26. [01:29:14] * KevinMarks (i=KevinMar@pdpc/supporter/active/kevinmarks) Quit ("The computer fell asleep")
  27. [02:00:00] * j3h (n=j3h@c-24-21-174-195.hsd1.or.comcast.net) has joined #openid
  28. [02:01:47] * shigeta_ (n=shigeta@124.32.114.226) has joined #openid
  29. [02:10:19] * shigeta (n=shigeta@124.32.114.226) Quit (Read error: 60 (Operation timed out))
  30. [02:32:38] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  31. [02:37:38] * idnar (i=mithrand@unaffiliated/idnar) has joined #openid
  32. [03:06:30] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
  33. [04:20:07] * KevinMarks (n=Snak@h-68-164-94-70.snvacaid.dynamic.covad.net) has joined #openid
  34. [05:11:02] * gchaix (n=gchaix@osuosl/staff/gchaix) Quit (brown.freenode.net irc.freenode.net)
  35. [05:11:22] * gchaix (n=gchaix@osuosl/staff/gchaix) has joined #openid
  36. [06:04:10] * cote (n=cote@71.145.171.207) Quit ()
  37. [06:44:00] * nightfreak (n=odeiko@p57A0F170.dip.t-dialin.net) has joined #openid
  38. [07:24:33] * quellhorst_ (n=pro@cpe-24-175-28-132.houston.res.rr.com) has joined #openid
  39. [07:48:30] * nightfreak_ (n=odeiko@p57A0DCF3.dip.t-dialin.net) has joined #openid
  40. [08:01:02] * mm2000 (n=sebastia@h34n1fls32o888.telia.com) has joined #openid
  41. [08:06:00] * nightfreak (n=odeiko@p57A0F170.dip.t-dialin.net) Quit (Read error: 110 (Connection timed out))
  42. [08:24:58] * drewinthehead (i=mclellan@nat/yahoo/x-ec71b76041a6820a) has joined #openid
  43. [08:40:52] <mm2000> Hello, anyone here that uses phpMyOpenID ?
  44. [08:50:45] * niekie (n=niekie@cc725705-a.roden1.dr.home.nl) has joined #openid
  45. [09:04:19] * m3nt0r (n=mail@p50902398.dip0.t-ipconnect.de) has joined #openid
  46. [09:19:21] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  47. [09:19:29] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
  48. [09:20:39] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  49. [09:26:05] * bortzmeyer (i=bortzmey@batilda.nic.fr) has joined #openid
  50. [09:27:44] * m3nt0r^ (n=mail@p50902398.dip0.t-ipconnect.de) has joined #openid
  51. [09:27:59] * mm2000 (n=sebastia@h34n1fls32o888.telia.com) Quit (Read error: 110 (Connection timed out))
  52. [09:30:56] * m3nt0r (n=mail@p50902398.dip0.t-ipconnect.de) Quit (Read error: 104 (Connection reset by peer))
  53. [09:47:56] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  54. [09:48:06] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  55. [09:48:07] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  56. [10:04:21] * niekie (n=niekie@cc725705-a.roden1.dr.home.nl) Quit (Read error: 113 (No route to host))
  57. [10:39:34] * xlarrydrebes (n=xlarrydr@c-71-193-195-92.hsd1.or.comcast.net) has joined #openid
  58. [11:39:02] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) has joined #openid
  59. [11:40:42] <bricas> a quick, possibly stupid question. I'm playing around with a test openid server on my localhost -- there's likely no way to test it with any public openid consumers, i assume? In order to test it, would i need a mock consumer on my localhost as well?
  60. [11:44:01] <bortzmeyer> Yes
  61. [12:35:59] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 145 (Connection timed out))
  62. [12:43:10] * shigeta_ (n=shigeta@124.32.114.226) Quit ("Leaving...")
  63. [12:48:10] * idnar (i=mithrand@unaffiliated/idnar) Quit (Nick collision from services.)
  64. [12:48:18] * idnar_ (i=mithrand@unaffiliated/idnar) has joined #openid
  65. [12:49:26] * idnar_ is now known as idnar
  66. [13:31:49] * nightfreak__ (n=odeiko@p57A0DCF3.dip.t-dialin.net) has joined #openid
  67. [13:40:43] * cote (n=cote@adsl-71-145-171-207.dsl.austtx.sbcglobal.net) has joined #openid
  68. [13:49:12] * nightfreak_ (n=odeiko@p57A0DCF3.dip.t-dialin.net) Quit (Read error: 110 (Connection timed out))
  69. [13:54:25] * punter (n=punter@ipa146.28.91.tellas.gr) has joined #openid
  70. [13:59:23] * redondos (n=redondos@190.48.2.237) has joined #openid
  71. [13:59:36] <redondos> Hello. Can you please tell me what's wrong with the metadata on my page, twat.com.ar ?
  72. [13:59:42] <redondos> I can't login anywhere.
  73. [14:04:05] * xlarrydrebes (n=xlarrydr@c-71-193-195-92.hsd1.or.comcast.net) Quit ()
  74. [14:05:44] <bortzmeyer> redondos: it looks OK. On what sites did you test it?
  75. [14:06:24] <redondos> Zooomr.com Ficlets Menuism.. some example sites I found on a directory
  76. [14:06:44] <redondos> Can you recommend me some other one?
  77. [14:07:03] <bortzmeyer> Try http://www.livejournal.com/
  78. [14:08:07] <bortzmeyer> Or, more funny, http://jyte.com/*
  79. [14:08:15] <bortzmeyer> (The star is a typo)
  80. [14:09:06] <redondos> Hm. Something is definitely wrong: Unable to find your OpenID server.
  81. [14:09:32] <redondos> My server's instructions for using my web site are at https://getopenid.com/action/domore/
  82. [14:13:04] <bortzmeyer> Ooops, the checker got it:
  83. [14:13:06] <bortzmeyer> <!-- OpenID --!>
  84. [14:13:22] <bortzmeyer> That's not a proper comment (it should end with -->)
  85. [14:13:29] <redondos> ah!
  86. [14:13:35] <bortzmeyer> Always check your HTML
  87. [14:13:39] <redondos> Doh!! :)
  88. [14:13:58] <redondos> it works
  89. [14:14:05] <redondos> Thanks a million, bortzmeyer.
  90. [14:14:14] <redondos> Sorry for the silliness.
  91. [14:14:24] <redondos> Anyway, where can I find information for setting up an OpenID server?
  92. [14:14:26] <bortzmeyer> Send 1,000,000 $ to my account (bank info follows)
  93. [14:14:30] <redondos> :]
  94. [14:14:55] <bortzmeyer> http://openid.net/wiki/index.php/Libraries
  95. [14:18:20] <redondos> thanks
  96. [14:26:32] * redondos (n=redondos@190.48.2.237) Quit (Read error: 104 (Connection reset by peer))
  97. [14:29:31] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  98. [14:45:23] * cote (n=cote@adsl-71-145-171-207.dsl.austtx.sbcglobal.net) Quit ()
  99. [15:25:02] * cote (n=cote@198.214.235.21) has joined #openid
  100. [15:32:43] * PatF (i=Patrick@nat/novell/x-da73773f26a552c0) has joined #openid
  101. [15:35:30] * j3h (n=j3h@c-24-21-174-195.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  102. [15:43:38] * SamRose (n=chatzill@c-71-206-125-50.hsd1.mi.comcast.net) has joined #openid
  103. [15:51:57] * aconbere|work (n=aconbere@mail.geonerco.com) has joined #openid
  104. [16:12:47] * bortzmeyer (i=bortzmey@batilda.nic.fr) has left #openid
  105. [16:36:45] * cote (n=cote@198.214.235.21) Quit ()
  106. [16:36:52] * KevinMarks (n=Snak@pdpc/supporter/active/kevinmarks) Quit ("bye")
  107. [16:44:21] * cote (n=cote@198.214.235.21) has joined #openid
  108. [17:00:41] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
  109. [17:04:32] * nightfreak__ (n=odeiko@p57A0DCF3.dip.t-dialin.net) Quit ("Ex-Chat")
  110. [17:11:22] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) Quit ("Chatzilla 0.9.77 [Firefox 2.0.0.2/0000000000]")
  111. [17:14:55] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  112. [17:30:21] * gchaix (n=gchaix@osuosl/staff/gchaix) Quit ("leaving")
  113. [17:31:06] * gchaix (n=gchaix@osuosl/staff/gchaix) has joined #openid
  114. [17:35:36] * gchaix (n=gchaix@osuosl/staff/gchaix) Quit (Client Quit)
  115. [17:36:37] * gchaix (n=gchaix@osuosl/staff/gchaix) has joined #openid
  116. [17:37:00] * drewinthehead (i=mclellan@nat/yahoo/x-ec71b76041a6820a) Quit (Read error: 60 (Operation timed out))
  117. [17:39:15] * cote (n=cote@198.214.235.21) Quit ()
  118. [17:50:00] * daleolds (i=daleolds@nat/novell/x-626e17087f7c888c) has joined #openid
  119. [17:59:36] * KevinMarks (i=KevinMar@nat/google/x-157f864becc10fdd) has joined #openid
  120. [17:59:37] * punter (n=punter@ipa146.28.91.tellas.gr) Quit ()
  121. [18:06:16] * cote_ (n=cote@198.214.235.21) has joined #openid
  122. [18:23:38] * cote_ (n=cote@198.214.235.21) Quit (Read error: 145 (Connection timed out))
  123. [18:25:43] * SamRose (n=chatzill@c-71-206-125-50.hsd1.mi.comcast.net) Quit (Success)
  124. [18:29:51] * cote (n=cote@209-30-141-130.ded.swbell.net) has joined #openid
  125. [18:49:47] * SamRose (n=chatzill@c-71-206-125-50.hsd1.mi.comcast.net) has joined #openid
  126. [19:32:59] * tav (n=tav@82.153.198.163) Quit (Read error: 60 (Operation timed out))
  127. [19:35:31] * tav (n=tav@82.152.253.115) has joined #openid
  128. [19:41:29] * m3nt0r (n=mail@p50904090.dip0.t-ipconnect.de) has joined #openid
  129. [19:45:25] * cote (n=cote@209-30-141-130.ded.swbell.net) Quit ()
  130. [19:48:22] * m3nt0r^ (n=mail@p50902398.dip0.t-ipconnect.de) Quit (Read error: 60 (Operation timed out))
  131. [19:52:26] * tav (n=tav@82.152.253.115) Quit (Read error: 145 (Connection timed out))
  132. [19:55:47] * tav (n=tav@91.84.122.247) has joined #openid
  133. [19:57:31] * KevinMarks (i=KevinMar@nat/google/x-157f864becc10fdd) Quit ("The computer fell asleep")
  134. [20:02:41] * cote (n=cote@198.214.235.21) has joined #openid
  135. [20:14:08] * KevinMarks (i=KevinMar@nat/google/x-3da9dd2c6997f270) has joined #openid
  136. [20:19:25] * hober (n=ted@unaffiliated/hober) has joined #openid
  137. [20:26:49] * tav_ (n=tav@82.153.77.226) has joined #openid
  138. [20:27:22] * cote (n=cote@198.214.235.21) Quit ()
  139. [20:33:20] * tav (n=tav@91.84.122.247) Quit (Read error: 110 (Connection timed out))
  140. [20:47:51] * tav (n=tav@82.152.98.209) has joined #openid
  141. [21:06:40] * tav_ (n=tav@82.153.77.226) Quit (Connection timed out)
  142. [21:07:20] * KevinMarks (i=KevinMar@nat/google/x-3da9dd2c6997f270) Quit ("The computer fell asleep")
  143. [21:08:38] * daleolds (i=daleolds@nat/novell/x-626e17087f7c888c) has left #openid
  144. [21:10:57] * KevinMarks (i=KevinMar@nat/google/x-88c9553dd9ed0578) has joined #openid
  145. [21:15:03] * SamRose (n=chatzill@c-71-206-125-50.hsd1.mi.comcast.net) Quit ("Chatzilla 0.9.77 [Firefox 2.0.0.2/2007021917]")
  146. [21:18:33] * cote (n=cote@198.214.235.21) has joined #openid
  147. [21:31:53] * cote (n=cote@198.214.235.21) Quit ()
  148. [21:48:21] * robertj (n=robertj@66-168-215-105.dhcp.athn.ga.charter.com) Quit ("Ex-Chat")
  149. [22:08:53] * tav_ (n=tav@82.153.143.140) has joined #openid
  150. [22:16:01] * tav (n=tav@82.152.98.209) Quit (Read error: 110 (Connection timed out))
  151. [22:19:00] * tav_ (n=tav@82.153.143.140) Quit (Read error: 145 (Connection timed out))
  152. [22:20:10] * tav (n=tav@82.152.199.243) has joined #openid
  153. [22:20:22] * quellhorst_ is now known as quellhorst
  154. [22:32:25] * cote (n=cote@adsl-71-145-171-207.dsl.austtx.sbcglobal.net) has joined #openid
  155. [22:43:42] * bitsweat (n=jeremy@c-71-59-252-187.hsd1.or.comcast.net) has joined #openid
  156. [22:47:47] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) has joined #openid
  157. [23:06:07] <VxJasonxV> Could I get someone to proofread something for me?
  158. [23:06:30] <VxJasonxV> someone involved in the development of OpenID preferably. (Development being Libraries and large sites are valid, not just spec authors)
  159. [23:06:31] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
  160. [23:20:43] * epeus (n=KevinMar@207.47.10.130.static.nextweb.net) has joined #openid
  161. [23:23:22] * KevinMarks (i=KevinMar@nat/google/x-88c9553dd9ed0578) Quit (Read error: 145 (Connection timed out))
  162. [23:23:55] * epeus (n=KevinMar@207.47.10.130.static.nextweb.net) Quit (Client Quit)
  163. [23:37:53] * SimonW (n=simon@dyn-62-56-93-68.dslaccess.co.uk) has joined #openid
  164. [23:38:07] <SimonW> is there any way around the requirement for bc and/or gmp to do OpenID in PHP?
  165. [23:38:49] <j3h> SimonW: use stateless (dumb) mode only, and you don't need to do big integer math
  166. [23:39:09] <SimonW> that's only good for consumers though isn't it?
  167. [23:39:19] <SimonW> you can't be a provider without big integer maths
  168. [23:39:22] * cygnus nods
  169. [23:39:33] <cygnus> a server that can't make associations is broken
  170. [23:39:36] <j3h> If you do associations without diffie-hellman, then you don't need big math
  171. [23:40:22] <j3h> that is OK if you use transport-layer encryption for doing the associations (HTTPS)
  172. [23:41:52] <SimonW> here's a crazy idea... would it be totally stupid to set up a web service somewhere that can do the big integer maths required for OpenID?
  173. [23:42:28] <SimonW> I suppose it would have to talk https, which means that PHP installs that can't make HTTP requests over HTTPS will be left out again
  174. [23:42:31] <j3h> you'd be giving the secrets to that service
  175. [23:42:57] <SimonW> my concern is that 90% of the Web runs on PHP, and a ton of those sites won't be able to install extra extensions
  176. [23:43:15] <SimonW> which could severely hinder OpenID adoption by developers
  177. [23:43:18] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  178. [23:43:27] <cygnus> actually, we have not had a big problem with that.
  179. [23:43:31] <cygnus> most people at least have bcmath.
  180. [23:43:32] <SimonW> I'm working on the open source OpenID server plugin for WordPress MU at the moment
  181. [23:43:35] <cygnus> and by most, I mean 99%.
  182. [23:43:38] <SimonW> (based on the code that runs on wordpress.com)
  183. [23:43:48] <SimonW> cygnus: that's good to hear
  184. [23:43:49] <j3h> if the server absolutely must avoid big integer math, the server could give out associations that it never used (always fall back to dumb mode, regardless of the association)
  185. [23:45:00] <j3h> I think that embedding OpenID servers into applications is a bad practice in general, because then the application needs to beef up security and implement anti-phishing measures, or else the users are exposed to more attacks
  186. [23:45:00] <SimonW> I have to admit I haven't experimented with dumb mode yet
  187. [23:45:06] <SimonW> it injects an extra HTTP request into the flow
  188. [23:45:07] <cygnus> SimonW: it's true that some people really *are* unable to do anything about absent math support, particularly people using $1/century fly-by-night hosting providers.
  189. [23:45:21] <SimonW> is that a request between consumer and provider, or does it require another HTTP redirect for the client?
  190. [23:45:29] <cygnus> no redirect; it's direct by design
  191. [23:45:32] <j3h> In general, I think it's a good idea to run a stand-alone OpenID server if it's not an option to have the provider services hosted elsewhere
  192. [23:46:23] <SimonW> that's a good point - it's not like there aren't enough openid providers already
  193. [23:46:27] <SimonW> the real problem is consumers
  194. [23:46:49] <SimonW> and provided that falling back into dumb mode is completely transparent from the POV of the developer implementing OpenID it's really not such a big deal
  195. [23:46:55] <cygnus> yep
  196. [23:47:23] <cygnus> now if you fall back to dumb mode all the time, something might be going on. or maybe you just like dumb mode, I dunno.
  197. [23:47:54] <SimonW> thanks for the insight
  198. [23:47:54] <cygnus> (actually, I'd be more alarmed by intermittent dumb mode fallback.)
  199. [23:48:44] <SimonW> so the one thing that I'd really love is a rock solid set of debugging tools
  200. [23:49:28] <SimonW> I still can't get my wordpress.com OpenID to work with http://test2.phpbb.cc/
  201. [23:49:35] <SimonW> totally stumped as to what the problem is
  202. [23:49:40] * epeus (i=KevinMar@nat/google/x-e6ad86a9c0cbe77c) has joined #openid
  203. [23:50:13] <cygnus> yikes.
  204. [23:50:16] <cygnus> appears to have worked for me.
  205. [23:50:19] <cygnus> what are the symptoms for you?
  206. [23:50:31] <SimonW> what works for you?
  207. [23:50:48] <cygnus> logging into that site by typing "cygnus.myopenid.com" into the insanely-named "Username/OpenID" box
  208. [23:51:48] <SimonW> yup, that works for me with everything except my *.wordpress.com OpenIDs
  209. [23:51:58] <SimonW> so it seems to be a bug in my WordPress code
  210. [23:52:04] <SimonW> but it works on every other site I've tried it with
  211. [23:52:41] <SimonW> and I'm really not doing anything special in there at all - it's a straightforward hook into the JanRain PHP library
  212. [23:53:15] * cygnus cheers.
  213. [23:53:23] <cygnus> hm.
  214. [23:53:28] <cygnus> what's your wordpress.com OpenID?
  215. [23:53:50] <cygnus> (jeez, you'd think that with all the email going around lately, I'd be asking for your private personal information...)
  216. [23:53:53] <SimonW> http://swillison.wordpress.com/
  217. [23:54:06] <SimonW> passes the tests on openidenabled.com fine
  218. [23:54:52] <cygnus> I can't remember. Is phpbb.cc using a home-grown OpenID implementation?
  219. [23:55:42] * hober (n=ted@unaffiliated/hober) Quit ("ERC Version 5.1.3 (IRC client for Emacs)")
  220. [23:55:55] <cygnus> I don't think it is...
  221. [23:55:56] <SimonW> not sure... damnian says it works with every other server he's tried
  222. [23:56:16] * cygnus wonders if its consumer code is choking on your openid.server's ?openidserver=1 bit.
  223. [23:57:23] <SimonW> ooh, good point
  224. [23:57:30] <SimonW> it makes it through the redirect to my server
  225. [23:58:19] <cygnus> hmm
  226. [23:58:35] <cygnus> so I'm going to assume he's running our code.
  227. [23:58:42] <SimonW> when I click "yes, share my identity" I get bounced back and the phpBB thing says "Server denied check_authentication"
  228. [23:58:55] <cygnus> ugh
  229. [23:59:17] <cygnus> has he offered no effort to log precisely what the OpenID library is trying to do when it reports that error?
  230. [23:59:24] <cygnus> sadly, in the 1.2.1 release and prior, that error could mean one of a few things.
  231. [23:59:45] <SimonW> does the current svn version have better error messages?
  232. [23:59:49] * aconbere|work (n=aconbere@mail.geonerco.com) Quit ("Lost terminal")
  233. [23:59:59] <SimonW> I could ask him to upgrade it and see if we get something more useful

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.