IRC Log for #openid on 2007-04-05

Timestamps are in UTC.

  1. [00:01:18] * fajro_at_work (n=fajro@OL104-24.fibertel.com.ar) Quit (Connection timed out)
  2. [00:04:21] * fajro_at_work (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  3. [00:08:38] * PatF (i=Patrick@nat/novell/x-96e34797a4f9dc8f) has left #openid
  4. [00:25:49] * factoryjoe (n=factoryj@65.87.23.35) has joined #openid
  5. [00:28:20] * cygnus (n=cygnus@www.cprogrammer.org) Quit ("Leaving.")
  6. [00:34:07] * factoryjoe (n=factoryj@65.87.23.35) Quit ()
  7. [00:38:09] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  8. [00:38:54] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) Quit (Remote closed the connection)
  9. [00:40:50] * m3nt0r^ (n=mail@p509000DF.dip0.t-ipconnect.de) has joined #openid
  10. [00:42:59] * rgl (n=Rui@84.90.10.107) Quit (Read error: 110 (Connection timed out))
  11. [01:00:22] * m3nt0r (n=mail@p50903c44.dip0.t-ipconnect.de) Quit (Success)
  12. [01:05:56] * m3nt0r^ (n=mail@p509000DF.dip0.t-ipconnect.de) Quit ("( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de )")
  13. [01:25:25] * timphnode (n=tim@adsl-69-152-170-240.dsl.kscymo.swbell.net) has joined #openid
  14. [01:28:11] * KevinMarks (i=KevinMar@nat/google/x-95ff6ec940187c28) Quit ("The computer fell asleep")
  15. [01:34:06] * j31 (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 113 (No route to host))
  16. [01:37:52] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) Quit ()
  17. [01:39:48] <VxJasonxV> how interesting
  18. [01:39:50] <VxJasonxV> some civility
  19. [01:39:54] <VxJasonxV> trel1023, *poke*
  20. [01:45:03] <VxJasonxV> Someone needs to be here to laugh with me :)
  21. [01:52:32] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) has joined #openid
  22. [03:38:43] * fajro_at_work is now known as fajro_at_home
  23. [03:45:27] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) Quit ()
  24. [03:46:26] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) has joined #openid
  25. [03:47:16] * cote_ (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) has joined #openid
  26. [04:02:54] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) Quit (Connection timed out)
  27. [04:04:20] * nfolson (n=nfolson@CPE-76-177-177-204.natsoe.res.rr.com) has joined #openid
  28. [04:13:53] * nfolson (n=nfolson@CPE-76-177-177-204.natsoe.res.rr.com) Quit ()
  29. [04:41:19] * cote_ (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) Quit ()
  30. [04:57:00] * gregh_ (i=gregh@dazed.notslacker.com) has joined #openid
  31. [05:09:56] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  32. [05:35:57] * fajro_at_home is now known as fajro
  33. [05:40:04] * ianloic_ (n=ian@adsl-68-122-124-103.dsl.pltn13.pacbell.net) has joined #openid
  34. [05:43:33] <ianloic_> hey, I'm looking for a more detailed description of openID than http://www.openidenabled.com/openid/openid-protocol without having to read the specs?
  35. [05:46:37] <GabeW> there's stuff here: http://openid.net/about.bml
  36. [05:48:05] <ianloic_> GabeW, thanks!
  37. [05:55:35] <ianloic_> GabeW, should all servers be able to handle smart mode clients? do clients need to be able to degrade to dumb mode?
  38. [05:55:57] <GabeW> i don't know off the top of my head
  39. [05:57:41] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  40. [06:12:30] <ianloic_> I *so* can't keep all of openid in my head
  41. [06:27:35] * fajro is now known as fajro_z_z_z
  42. [06:31:13] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 148 (No route to host))
  43. [06:50:36] * terrell (n=trel1023@cpe-066-057-014-057.nc.res.rr.com) has joined #openid
  44. [06:58:32] * trel1023 (n=trel1023@cpe-066-057-014-057.nc.res.rr.com) Quit (Read error: 110 (Connection timed out))
  45. [07:13:11] * bortzmeyer (i=bortzmey@batilda.nic.fr) has joined #openid
  46. [07:17:44] * KevinMarks (n=Snak@h-68-164-93-9.snvacaid.dynamic.covad.net) has joined #openid
  47. [07:34:22] * shigeta_ (n=shigeta@124.32.114.226) has joined #openid
  48. [07:48:44] * ianloic_ (n=ian@adsl-68-122-124-103.dsl.pltn13.pacbell.net) Quit (Read error: 110 (Connection timed out))
  49. [07:52:23] * shigeta (n=shigeta@124.32.114.226) Quit (Read error: 110 (Connection timed out))
  50. [08:21:32] * rgl (n=Rui@84.90.10.107) has joined #openid
  51. [08:21:55] * rgl (n=Rui@84.90.10.107) Quit (Client Quit)
  52. [08:33:20] * jimmyjazz (n=root@82.152.243.93) has joined #openid
  53. [08:33:47] * jimmyjazz (n=root@82.152.243.93) Quit (Client Quit)
  54. [08:48:57] * cizra (n=cizra@gw.tdng.ttu.ee) has joined #openid
  55. [08:49:13] * cizra (n=cizra@gw.tdng.ttu.ee) has left #openid
  56. [09:13:06] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) has joined #openid
  57. [10:58:37] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) has joined #openid
  58. [11:08:42] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  59. [11:11:35] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  60. [12:34:48] * AdamPilorz (n=adampilo@bdq92.neoplus.adsl.tpnet.pl) has joined #openid
  61. [12:56:01] * __chris (n=chris@unaffiliated/redlined) has joined #openid
  62. [13:05:20] <AdamPilorz> Hello, I've got another question about using OpenID as authenticating method - is it better to create my own session system, and treat OpenID just as login and password in conventional script, or rather use OpenID as session system and use it to identify user every time he opens a subpage? I believe that the second solution would be more secure (it depends on security of OpenID library),...
  63. [13:05:22] <AdamPilorz> ...however it can be slower (OpenID server would have to answer every time) and probably annoying, while user won't give OpenID provider acceptance for lifetime authentication. What is your suggestion?
  64. [13:05:58] * shigeta_ (n=shigeta@124.32.114.226) Quit ("Leaving...")
  65. [13:22:58] <terrell> sessions
  66. [13:23:08] <terrell> perhaps with a relatively short timeout
  67. [13:23:16] <terrell> if you feel the need
  68. [13:25:19] * fajro_z_z_z is now known as fajro_ar_work
  69. [13:34:31] * cote (n=cote@adsl-71-145-165-166.dsl.austtx.sbcglobal.net) has joined #openid
  70. [13:51:34] <AdamPilorz> It's not exactly that my service is super important and needs improved security, just another mechanism is potentially another place, where the mistake can be made :).
  71. [13:51:37] <AdamPilorz> So, if I'
  72. [13:52:25] <AdamPilorz> I'm creating sessions system, I don't need to authenticate every 5 minutes with OpenID :)
  73. [13:58:21] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  74. [13:59:01] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  75. [13:59:15] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit (Remote closed the connection)
  76. [14:04:23] * idnar (i=mithrand@unaffiliated/idnar) Quit (Read error: 60 (Operation timed out))
  77. [14:06:11] * idnar (n=mithrand@unaffiliated/idnar) has joined #openid
  78. [14:09:56] * vmlemon (n=vmlemon@unaffiliated/vmlemon) has joined #openid
  79. [14:10:40] <vmlemon> Hi, when I try and sign into the OpenID login form at http://www.openidenabled.com with my OpenID server installation, it always returns AssertionError,
  80. [14:11:17] <vmlemon> I am using latest version of the PHP OpenID module
  81. [14:48:17] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  82. [15:11:24] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) Quit (Read error: 110 (Connection timed out))
  83. [15:32:01] * PatF (n=Patrick@c-24-10-171-142.hsd1.ut.comcast.net) has joined #openid
  84. [15:35:26] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 60 (Operation timed out))
  85. [15:58:42] * bignose (n=bignose@eth595.vic.adsl.internode.on.net) Quit (Read error: 110 (Connection timed out))
  86. [16:08:22] * vmlemon (n=vmlemon@unaffiliated/vmlemon) has left #openid
  87. [16:15:48] * bortzmeyer (i=bortzmey@batilda.nic.fr) has left #openid
  88. [16:27:13] * Prometheus^ (n=Promethe@cs181170022.pp.htv.fi) has joined #openid
  89. [16:41:03] * ianloic_ (n=ian@adsl-68-122-124-103.dsl.pltn13.pacbell.net) has joined #openid
  90. [16:51:34] * __chris (n=chris@unaffiliated/redlined) Quit ()
  91. [16:55:25] * hober (n=ted@unaffiliated/hober) has joined #openid
  92. [16:57:21] * hober (n=ted@unaffiliated/hober) has left #openid
  93. [17:05:20] * ianloic_ (n=ian@adsl-68-122-124-103.dsl.pltn13.pacbell.net) Quit (Read error: 145 (Connection timed out))
  94. [17:18:59] * ianloic (n=ian@bat.yakk.net) has joined #openid
  95. [17:23:54] * rgl (n=Rui@84.90.10.107) has joined #openid
  96. [17:23:57] <rgl> hello
  97. [17:53:16] * epeus (i=KevinMar@nat/google/x-d3ac7bd27e71218b) has joined #openid
  98. [18:04:20] * KevinMarks (n=Snak@pdpc/supporter/active/kevinmarks) Quit (Nick collision from services.)
  99. [18:04:38] * epeus is now known as KevinMarks
  100. [18:16:10] * tylerr (n=tylerr@outbound.wa1.ascentium.com) has joined #openid
  101. [18:16:44] <tylerr> Hi folks. Just found out about this stuff and interested in getting myself one. Any top recommended OpenID servers?
  102. [18:22:25] * KevinMarks (i=KevinMar@pdpc/supporter/active/kevinmarks) Quit ("The computer fell asleep")
  103. [18:28:37] <terrell> well, mostly, the ones who made them are here in the room - so you're going to get biased answers
  104. [18:28:53] <chowells79> Can I give a biased answer anyway?
  105. [18:29:14] <chowells79> Actually, there's one non-biased answer I can give...
  106. [18:29:15] <terrell> as long as you delegate - you can change your mind later :)
  107. [18:29:34] <chowells79> If you own your own domain, you can delegate, and... terrell beat me to the punch. :)
  108. [18:29:40] <terrell> yay
  109. [18:30:56] <chowells79> Here's a fairly significant list of existing providers: http://openid.net/wiki/index.php/OpenIDServers
  110. [18:31:13] <chowells79> Err.. significant isn't what I meant... How about "long"?
  111. [18:31:43] <chowells79> And here's a description of the delegation business: http://openid.net/wiki/index.php/Delegation
  112. [18:34:29] <_keturn> terrell: will you recommend MyOpenID if I recommend ClaimID? ;)
  113. [18:34:46] * _keturn has no problems with recommending ClaimID in any case
  114. [18:34:53] <terrell> that's kind of like reverse payola or something
  115. [18:35:36] <terrell> i recommend myopenid.com - they are writing the libraries themselves you know....
  116. [18:35:59] <terrell> but definitely add it to your claimID.com account
  117. [18:36:08] <tylerr> Lovely thank you. Sorry was busy with a task.
  118. [18:37:57] <tylerr> Okay so we have myopenid for the actual registering and claimid for the managing?
  119. [18:38:13] <chowells79> Well, the services have different overall goals, I think.
  120. [18:39:02] <terrell> claimid is about presenting yourself online - managing the links out there about you
  121. [18:39:10] <terrell> openid is part of that goal
  122. [18:39:11] <tylerr> Ah lovely.
  123. [18:43:17] <tylerr> What would be the purpose of having multiple OpenIDs?
  124. [18:44:05] <_keturn> well, some RPs will let you log in to one account using either one, just in case one of your providers goes up in smoke
  125. [18:44:35] <_keturn> otherwise having multiple OpenIDs tends to lead from exactly the same sort of too-many-account confusion that many of us want OpenID to help us get away from ;)
  126. [18:44:36] <tylerr> Ah righto.
  127. [18:45:08] <_keturn> (this is why I am not-a-fan of all the wikis and things that want to have built-in OpenID providers)
  128. [18:45:23] <tylerr> So in theory, having two would be enough, one primary and the other as backup.
  129. [18:45:49] <terrell> again, with the delegation - if you decide you like one more than another - switching doesn't 'cost' you anything in terms of the breadcrumbs you've already left around
  130. [18:46:05] <terrell> because the openid you've used is actually your own URL
  131. [18:46:24] <tylerr> Sure.
  132. [18:46:26] <terrell> which masks the 'provider' account you used to authenticate
  133. [18:49:44] <tylerr> Perfect, thanks for the help everyone!
  134. [18:54:03] <terrell> make us sound smart when you share :)
  135. [18:54:31] <ianloic> _keturn, seriously! the last thing I want is another identity provider
  136. [18:55:22] <ianloic> hey, can someone explain how the non-recommended stateless mode works? I've been reading the 2.0 draft 11 doc and I'm confused
  137. [18:56:51] <_keturn> do you understand what the check_authentication method does?
  138. [18:58:05] <ianloic> _keturn, only sort of
  139. [18:58:15] <_keturn> ok
  140. [18:58:36] <_keturn> so, in stateless mode, you have no association, no shared secret with the provider beforehand
  141. [18:59:14] <_keturn> so when you receive the id_res response, it comes with a signature and an assoc_handle, but you can't do anything with that assoc_handle locally
  142. [18:59:37] * ianloic nods.
  143. [19:00:07] <_keturn> so you echo the entire message to the provider -- only this time, over a direct request from the RP to the Provider, not through the user agent, and ask them if that message is valid or not
  144. [19:00:28] <_keturn> (with the check_authentication request)
  145. [19:00:49] <ianloic> aha, and the Provider says "yeah, that was me"
  146. [19:01:03] <_keturn> right
  147. [19:01:59] <_keturn> (and hopefully, in addition to "yeah, that was me", the assertion also implies that "yes, this is the first time that message has been validated and you are not subject to a replay attack")
  148. [19:02:14] <ianloic> *grin*
  149. [19:02:26] <_keturn> that second bit was sort of implementation-dependent in OpenID 1.x, the 2.0 spec is stricter about saying what servers should do with replayed messages there.
  150. [19:02:49] <ianloic> what's the state of 2.0 implementation? Is everyone still using 1.x?
  151. [19:03:01] <ianloic> (ie: if I'm building something is it valid to assume 2.0 everywhere)
  152. [19:04:33] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
  153. [19:04:33] <jibot> cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
  154. [19:05:58] <_keturn> you'll want to stay 1.x compatible for a while to come, I think
  155. [19:06:13] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) Quit ("ChatZilla 0.9.78 [Firefox 2.0.0.3/0000000000]")
  156. [19:06:30] <_keturn> 2.0 libs are showing up in a few languages now, but I'm not sure anything's actually using them in production yet
  157. [19:07:00] <ianloic> ok
  158. [19:07:41] <ianloic> how different are they? Should I go back and read the 1.x specs or if I'm thinking in terms of 2.0 will I just need to make a few adjustments for 1.x
  159. [19:08:15] <_keturn> there's a big "compatibility notes for 1.1" toward the end of the OpenID 2.0 spec
  160. [19:08:23] <ianloic> ahh nice!
  161. [19:08:28] <ianloic> I'll read through that
  162. [19:08:32] <_keturn> the spec authors' intent is that is sufficient
  163. [19:09:04] <_keturn> are you implementing from scratch, or working with an existing implementation?
  164. [19:09:07] <ianloic> who are the spec authors anyway?
  165. [19:09:09] <rgl> cygnus, so how will you workaround PHP dot-to-underscore quirk? will you parse the query string by "hand"?
  166. [19:09:30] <ianloic> I'm thinking about bastardized reuse of aspects of the protocol
  167. [19:09:53] <cygnus> rgl: more or less. I'm going to bypass the standard $_GET/$_POST machinery.
  168. [19:10:02] <cygnus> rgl: but that will be transparent to the library user.
  169. [19:10:32] <_keturn> ianloic: is that what we usually call an "extension", or ... ?
  170. [19:10:48] <ianloic> _keturn, it may take the form of an extension
  171. [19:11:22] <ianloic> _keturn, I'm thinking about how to use OpenID identities beyond the scope of web apps
  172. [19:11:50] <rgl> cygnus, you will do it by hand, or use an existing lib for the parsing?
  173. [19:12:10] <cygnus> rgl: by hand, because there is no "existing lib" for parsing (and indeed it's trivial)
  174. [19:12:49] <ianloic> _keturn, if I wanted to screw around on talking to openID servers is my best bet grabbing the python library and messing about in the python shell?
  175. [19:13:05] <rgl> cygnus, OK. I think the HTTP extension does it.
  176. [19:13:09] <cygnus> rgl: in particular, I can't use PHP's parse_str() because it, too, is affected by the same insanity that renders $_GET and $_POST useless
  177. [19:13:19] <cygnus> HTTP extension? you mean PEAR?
  178. [19:13:19] <rgl> cygnus, yeah :D
  179. [19:13:28] <_keturn> ianloic: that sounds like a pretty reasonable thing to do, yeah
  180. [19:14:11] <rgl> cygnus, it's a pecl extension. I never used it, but read about it on the php manual at: http://php.net/http
  181. [19:14:18] <cygnus> oh.
  182. [19:14:33] <cygnus> well, that's basically out of the question unless it's integrated without fail into every PHP starting with 4.3.0. :)
  183. [19:14:46] <_keturn> ianloic: have you seen GabeW's post on "OpenID for Desktop Clients"?
  184. [19:15:02] <rgl> cygnus, ah no. I think it's a PHP5 thing.
  185. [19:15:17] <cygnus> ah, even more out of the question, then. :(
  186. [19:16:30] <cygnus> rgl: are you on the dev list?
  187. [19:16:36] <rgl> cygnus, ok. I'm very interested in having this parsing thing working. do you have some initial code/test cases?
  188. [19:16:59] <rgl> cygnus, As of today I am. :D
  189. [19:17:21] <rgl> cygnus, I've read your email from the archive, like, 10 mins ago. :D
  190. [19:17:49] <cygnus> rgl: I have code, but have not written test cases. are you writing your own library? (the code is only useful for the OpenID 2 library; the OpenID 1 library uses a different hack that works well enough.)
  191. [19:18:05] <cygnus> although *technically* it is useful for both.
  192. [19:18:29] * PatF (n=Patrick@c-24-10-171-142.hsd1.ut.comcast.net) has left #openid
  193. [19:18:38] <rgl> cygnus, I'm writing my own provider (and I don't want to look at any of existing providers codes, at least, not at this point *G*)
  194. [19:19:02] <rgl> cygnus, yes. I'm writing my lib.
  195. [19:19:19] <cygnus> ok.
  196. [19:19:44] <rgl> cygnus, the first thing I noticed when I started to implement the code, I noticed this lame PHP quirk :/
  197. [19:20:08] * cygnus grumbles
  198. [19:20:09] <cygnus> get used to it. :)
  199. [19:20:45] <_keturn> oh yeah
  200. [19:20:59] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  201. [19:20:59] <_keturn> rgl: you explained already why you are writing your own lib
  202. [19:21:26] <_keturn> have you explained yet about the PHP? ;)
  203. [19:22:29] <rgl> _keturn, I'm "stuck" with it, because this is for integrating in an existing codebase that uses php.
  204. [19:23:27] <_keturn> ah, hadn't heard about the integration
  205. [19:25:27] <rgl> can you explain why there is a need for "encrypting" the mac_key instead of using the DH shared secret as a mac_key?
  206. [19:29:34] * cweiske (n=cweiske@dslb-088-074-159-127.pools.arcor-ip.net) has joined #openid
  207. [19:31:31] <cweiske> I am trying to use the openid server example that is shipped with the PHP OpenID library from openidenabled.com and having massive problems (redirected to a previously authenticated site and such). is that normal?
  208. [19:32:33] <_keturn> rgl: something to do with the different properties of DH and HMAC-SHA... unfortunately I can't explain it well myself
  209. [19:32:53] <ianloic> _keturn, I have not, but I'd better go google it
  210. [19:34:07] <rgl> _keturn, you know if this was discussed in some of the lists? or better, how can explain it? :)
  211. [19:34:18] <rgl> err s,how,who,
  212. [19:38:23] <j3h> rgl: chowells79 might know more
  213. [19:43:23] <rgl> I'll nag him :D
  214. [19:43:57] <rgl> chowells79, do you want to be nagged? :D
  215. [19:44:38] * veeliam (n=veeliam@207.111.252.10) has joined #openid
  216. [19:47:13] * cweiske (n=cweiske@dslb-088-074-159-127.pools.arcor-ip.net) has left #openid
  217. [19:54:52] <chowells79> I honestly don't know
  218. [19:54:59] <chowells79> that came from ciphergoth
  219. [19:55:03] <chowells79> Uhh... paul... uh...
  220. [19:55:23] <chowells79> Paul Crowly
  221. [19:55:29] <chowells79> *Crowley
  222. [19:55:39] <chowells79> He said it had something to do with the random oracle test
  223. [19:57:25] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) Quit (Excess Flood)
  224. [19:57:54] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  225. [20:04:59] <chowells79> http://lists.danga.com/pipermail/yadis/2005-June/001006.html
  226. [20:05:05] <chowells79> this thread mentions it..
  227. [20:05:11] <chowells79> But there's never a direct discussion
  228. [20:05:13] <rgl> random oracle test? what's that? :D
  229. [20:05:23] <chowells79> it's my poor memory. :)
  230. [20:05:44] <chowells79> The full phrase had something to do with the proof of security working in the random oracle model
  231. [20:08:01] <rgl> chowells79, oh, I never heard of that before *G*
  232. [20:08:13] <rgl> chowells79, I supposed it's something like this http://en.wikipedia.org/wiki/Random_oracle_model ?
  233. [20:08:20] <chowells79> yes
  234. [20:08:55] <rgl> you know how can I reach Paul Crowley?
  235. [20:09:03] <chowells79> ciphergoth.com
  236. [20:09:09] <chowells79> err
  237. [20:09:11] <chowells79> .org
  238. [20:09:15] <chowells79> ciphergoth.org
  239. [20:11:14] <chowells79> I *think*, reading between the lines, that he wanted to minimize the number of assumptions being made
  240. [20:11:53] <chowells79> and hashing the DH results allows him to prove security without any assumptions about the DH process itself.
  241. [20:13:00] <chowells79> The only necessary assumption is, instead, the quality of the hash function
  242. [20:13:30] <chowells79> ... Of course, while there are known problems with sha-1, it's still the best widely available option, and the protocol flow allows for other options when they become available.
  243. [20:18:19] <rgl> I've asked this to my teacher too. And he responded something like: if both parties don't generate a new DH key-pair on each association, that is, they reuse the same key-pair, there could be some problems. and that was the reason for always generating a random mac_key and xor with it. I thought it made sense.
  244. [20:18:41] <rgl> err and xor with the DH shared secret.
  245. [20:19:47] <rgl> though, your explanation doesn't seem to be inline with that *G*
  246. [20:21:03] <chowells79> err.. "doesn't ... inline"...
  247. [20:21:14] <chowells79> Is that actually what you meant? :)
  248. [20:22:20] <rgl> I mean, the teacher's explanation doesn't seem to be the same as the one you are talking about
  249. [20:22:29] <chowells79> Ah, no they're not.
  250. [20:22:57] <chowells79> I suspect the teacher misunderstood the application, though, as the same secret should never be re-transmitted.
  251. [20:25:48] <rgl> humm, maybe I'm not getting the English right :(
  252. [20:26:19] <chowells79> I think you're communicating fine.. I may not be making perfect sense, though. :)
  253. [20:27:54] <rgl> the teacher wants to infer that with the same key-pairs, the shared secret would be the same. which is bad, so there is a random mac_key generation to add entropy.
  254. [20:28:17] <chowells79> Hmm. That much is true...
  255. [20:28:30] <chowells79> However, choosing the same key pairs should be *hard*
  256. [20:28:58] <chowells79> As each party chooses one of the two values, the space is quite large, and they *should* be using a good random source.
  257. [20:29:11] <rgl> this leads to another question. both parties should always generate a new key-pair for each association?
  258. [20:29:21] <chowells79> yes, absolutely.
  259. [20:29:37] <chowells79> Re-use is very dangerous, in this case.
  260. [20:30:46] <rgl> so, his explanation doesn't make much sense, since I'm always generating new keys for new associations. this leaves the original question unanswered :/
  261. [20:31:48] <rgl> I'll ask Paul Crowley :D
  262. [20:32:05] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) has joined #openid
  263. [20:32:23] <rgl> I guess he was the one that participated on the "security" part of OpenID?
  264. [20:42:58] <chowells79> Yeah, very early on, he was the only trained cryptographer consulting on the project. :)
  265. [20:45:15] <rgl> there were more? or the security remained the same as of OID 1.1?
  266. [20:45:24] <ianloic> I'm not a cryptologist but I play one on television!
  267. [20:47:40] <rgl> so, you are an actor? :D
  268. [21:03:12] <chowells79> And what tv show features a cryptologist? 'cause... I'd watch it. :)
  269. [21:27:21] <VxJasonxV> lol
  270. [21:30:28] <VxJasonxV> there was that X-Files spin off
  271. [21:30:42] <VxJasonxV> I don't remember what it was called, but it was a show about computer geeks
  272. [21:37:13] <chowells79> Lone Gunmen
  273. [21:37:21] <chowells79> I watched the first episode... It was pretty bad.
  274. [21:56:21] * KevinMarks (i=KevinMar@nat/google/x-9106e59314d7153e) has joined #openid
  275. [21:58:32] * AdamPilorz (n=adampilo@bdq92.neoplus.adsl.tpnet.pl) Quit ("ChatZilla 0.9.78 [Firefox 2.0.0.3/2007030919]")
  276. [22:50:15] * fajro_ar_work (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  277. [22:52:49] * fajro_ar_work (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  278. [23:23:27] * rgl (n=Rui@84.90.10.107) Quit ("Leaving")
  279. [23:44:22] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Read error: 104 (Connection reset by peer))
  280. [23:44:49] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  281. [23:45:23] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Connection reset by peer)
  282. [23:45:49] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  283. [23:46:22] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Read error: 54 (Connection reset by peer))
  284. [23:46:49] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  285. [23:47:05] * pfw (n=pfw@c210-49-9-246.carlnfd3.nsw.optusnet.com.au) has joined #openid
  286. [23:47:13] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Read error: 54 (Connection reset by peer))
  287. [23:47:41] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  288. [23:48:25] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Read error: 104 (Connection reset by peer))
  289. [23:48:53] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  290. [23:51:34] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Connection reset by peer)
  291. [23:52:01] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  292. [23:53:43] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (Read error: 54 (Connection reset by peer))
  293. [23:54:09] * Cody`macbook (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.