Jason Fritcher pointed out in a thread on the openid4java list that there may be a security issue with the way the DH session is established:
> I've been thinking about how the RP can supply DH parameters to the
> OP, and was wondering if any discussion has occurred about whether to
> include language in the spec about how OPs should do validation of the
> DH params that get sent to them. A few quick checks of the modulus
> like primality checking and possibly enforcing the use of safe primes.
> It might also be good to check the supplied generator to make sure it
> is valid for the supplied modulus. I'm nowhere close to being a
> crypto guru, but I wrote a Secure Remote Password implementation and
> after the research I did for that, not checking the DH params in the
> OP seems like a weakness. I might just be overly paranoid here and
> OpenID really doesn't need that level of security, but I thought I'd
> ask.

<http://groups.google.com/group/openid4java/browse_thread/thread/f96a7b68bb15272d/c9f0f1a85e3372cc#c9f0f1a85e3372cc>

I am not a security expert either, but this seems a valid point to me. Can someone with deeper crypto knowledge please confirm / infirm?

I think we should either mention that the OP SHOULD perform such validation, or at least mention the possible eavesdropping attack in the security considerations section.

Thanks,
Johnny

_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security
