On 16-Oct-06, at 2:44 PM, Josh Hoyt wrote:

> On 10/16/06, Recordon, David <[EMAIL PROTECTED]> wrote:
>> 6.1 Signed List Algorithm
> [...]
>> I'm thinking it would make sense to
>> change this algorithm to first alphabetically sort the arguments  
>> to make
>> it very clear in terms of ordering.
> I think it's a good idea to say that the signed list MUST be generated
> by the IdP in that order. Then signature *verification* is compatible
> with OpenID 1's algorithm. Unless there is objection, I'll do this.

Sorting of unicode strings while not terrible hard it is not trivial  
either. Why bother? The list of signed fields gives an explicit  
ordering, this is good enough IMO.

Why would be an alphabetically sorted list better?


specs mailing list

Reply via email to