this is a general web-programming question

Dear monks,

Assume web application Example.com has no ssl certificate and doesn't want one. But would still like to share a secret with the visitor
(like for generating nonces, so that sniffing session cookie doesn't give an attacker the visitor's rights).

Q1: Do you see a way to exchange such a secret during OpenID login?
Assuming the OpenID provider uses ssl.

Q2: If it is not possible (like I think), what other ways do you see?
My idea is to start a dedicated, open web service, that will have an SSL certificate, and will let the client share a secret with specified service. A Catalyst controller could look like this: 

sub index :Private {
  my ($self, $c) = @_;
  my $secret = random_string();
  my $other_side = $c->req->params->{other_side};
  my $res = $lwp_ua->get("$other_side?secret=$secret");
  if ($res->is_success) {
    $c->response->body($secret);
  }
}

[download]

Ideas? Does this already exist? Sorry for posting such a non-Perl-specific question / rambling.

use strict; use warnings; print "Just Another Perl Hacker\n";

In reply to sharing secret without ssl by Sixtease

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.