On Tue, 2007-03-27 at 00:55 -0700, Johnny Bufu wrote: > > I've been thinking about how the RP can supply DH parameters to the > > OP, and was wondering if any discussion has occurred about whether to > > include language in the spec about how OPs should do validation of the > > DH params that get sent to them.
I wondered the same thing when implementing that bit myself. But I thought that such validation might be potentially expensive (e.g. checking for safe primes) and that if there *were* bad values in there, it would only harm the RP that chose those values. So there should probably be some basic sanity checking in the RP's library, but in the end, if an RP goes out of their way to use non-default values, they should know what they're doing. _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
