key checks

Brad Fitzpatrick brad at danga.com
Mon May 23 11:33:15 PDT 2005


On Mon, 23 May 2005, Imran Ghory wrote:

> some random ideas about verifying the keys of the id server:
>
> 1) The consumer should send (via the user) the fingerprint it holds
> for the ID server keys, that way the ID server will know (and be able
> to keep track) if something like DNS poisoning has occurred or if a
> consumer has obtained a dodgy key.

If DNS poisoning occurred, it's the hijacked ID server that'll be getting
the fingerprint, which means it can do whatever it wants, and I bet
telling the consumer that it's been owned isn't high on its list.

> 2) As an extension of the above idea, if the fingerprint it gets is
> for an old key then it should send a reply with the old key but also a
> signed notice saying "I have a new key this is its fingerprint". This
> would give some level of security for when id servers change key.

The keys change so rarely that I'm counting on this logic:

  if (check signature with DSA public key from cache) {
       return GOOD;
  } else if (check signature with DSA public key, not cached) {
       return GOOD;
  } else {
       return BAD;
  }


>
> Imran
>
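
An added example, not part of the original message or of the project's code: the cached-then-uncached check from the reply above, written out on the consumer side. KeyChecker, fetch_key and min_refetch_interval are hypothetical names, HMAC-SHA256 stands in for DSA because the Python standard library has no DSA, and the refetch throttle is an assumption that is not in the post.

```python
import hashlib
import hmac
import time

# Stand-ins (assumption): the stdlib has no DSA, so HMAC-SHA256 plays the role of
# the ID server's signature. Swap in real DSA sign/verify from a crypto library.
def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), sig)

class KeyChecker:
    """Consumer-side check: cached key first, then one fresh fetch."""

    def __init__(self, fetch_key, min_refetch_interval=60.0, clock=time.monotonic):
        self.fetch_key = fetch_key  # hypothetical callable: server -> key bytes or None
        self.min_refetch_interval = min_refetch_interval
        self.clock = clock
        self.cache = {}       # server -> last key that verified a signature
        self.last_fetch = {}  # server -> time of the last uncached fetch

    def check(self, server: str, message: bytes, sig: bytes) -> str:
        cached = self.cache.get(server)
        if cached is not None and verify(cached, message, sig):
            return "GOOD"
        # Cache miss or mismatch: the key may have rotated, or the signature is bad.
        # Throttle refetches (added assumption) so a stream of bad signatures
        # cannot make the consumer hit the ID server on every request.
        now = self.clock()
        last = self.last_fetch.get(server)
        if last is not None and now - last < self.min_refetch_interval:
            return "BAD"
        self.last_fetch[server] = now
        fresh = self.fetch_key(server)
        if fresh is not None and verify(fresh, message, sig):
            self.cache[server] = fresh  # replace the cache only after a successful verify
            return "GOOD"
        return "BAD"  # the cached key is left untouched

if __name__ == "__main__":
    keys = {"id.example": b"key-1"}  # constructed sample data
    checker = KeyChecker(keys.get, min_refetch_interval=0.0)
    msg = b"constructed assertion"
    print(checker.check("id.example", msg, sign(b"key-1", msg)))  # first use: fetch
    keys["id.example"] = b"key-2"                                  # server rotates key
    print(checker.check("id.example", msg, sign(b"key-2", msg)))  # cache fails, refetch
    print(checker.check("id.example", msg, b"\x00" * 32))         # forged signature
```

The uncached fetch remains the trust anchor here: if DNS is poisoned at that moment, the key that comes back is the attacker's, which is the limitation raised in the first reply above.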

