Stuff we've discussed on IRC.
Posted by ats at 2006-12-22 01:04
"Is it just me or are these newfangled web protocols both much harder to learn and much more poorly specified than traditional internet protocols?"
No, it's not just you.
The OpenID spec is incredibly poorly written.
Bad English, obvious typos, terms used before they're defined, no examples given, and so on.
There's no discussion of the impact of DNS spoofing, which is why this sort of thing usually isn't secure.
And the cryptographic details seem to be given in terms of Perl modules, which doesn't really inspire me with confidence.