[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [imi] Hopefully last change to the IMI spec before producing aCommittee Draft
Actually, the per-user information can even be public information
provided that it’s different for different users and *a secret value*
is included as an input to the computation. For instance, if the computation
was the following: PPID = CryptographicHash(ClientPseudonym + PerUserInfo
+ Secret); even if the secret was the same for all users, provided it was
known only to the IdP and never disclosed, the PPID would still have all the
security properties we want it to have. --
Mike From: John Bradley
[mailto:jbradley@mac.com] Yes, Not disclosed to RPs, Cardholders or anyone else. The question is how much detail we need in the spec itself
for a SHOULD. As long as the spec is clear I am OK with the long form of
the explanation of this being in the accompanying document. John B. On 18-Feb-09, at 11:07 PM, Michael McIntosh wrote:
John Bradley <jbradley@mac.com> wrote on 02/18/2009
08:51:08 PM: |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]