Improving OpenIDs use of cryptography 2 - lifespans
paul at ciphergoth.org
Wed Jun 1 19:49:47 PDT 2005
Everything needs an explicit lifespan. You shouldn't assume a key will
stay secret forever, and explicitness is the watchword for secure
cryptographic protocols - see Anderson and Needham, "Programming Satan's
The identity tokens that the ID server produces should include explicit
expiry times. And the authentication keys used to sign or MAC them must
also have expiry times. The least of these should be used by the client
as the expiry time of the token.
Giving the keys expiry times introduces a complication in the protocol.
Currently we state that we expect the token to be signed by "the" DSA
key for the identity server. However, if we're to avoid trouble when
these tokens expire, a given server must support several authentication
keys with overlapping lifetimes, which means that the consumer should
state which key it expects the server to use when signing the token.
This change is in any case necessary for the change to MACs.
Overlapping keys also means that as well as expiry times, keys need
"recommended replacement times", after which consumers are recommended
to fetch a new key from the server ASAP.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis