On 16-Oct-06, at 2:44 PM, Josh Hoyt wrote: > On 10/16/06, Recordon, David <[EMAIL PROTECTED]> wrote: >> 6.1 Signed List Algorithm > [...] >> I'm thinking it would make sense to >> change this algorithm to first alphabetically sort the arguments >> to make >> it very clear in terms of ordering. > > I think it's a good idea to say that the signed list MUST be generated > by the IdP in that order. Then signature *verification* is compatible > with OpenID 1's algorithm. Unless there is objection, I'll do this.
Sorting of unicode strings while not terrible hard it is not trivial either. Why bother? The list of signed fields gives an explicit ordering, this is good enough IMO. Why would be an alphabetically sorted list better? Marius _______________________________________________ specs mailing list firstname.lastname@example.org http://openid.net/mailman/listinfo/specs