Preventing replay attacks

Carl Howells chowells at janrain.com
Thu Sep 8 15:16:42 PDT 2005


One thing the current version of schtuff.com's python openid library 
does not handle itself is preventing replay attacks on the consumer. 
Currently, that has to be handled by the user of the library.  That is, 
of course, not optimal for users of the library, as it requires thinking 
about how to solve it, when there's almost always a single best solution.

We will be updating our libraries soon to use nonces to prevent replay 
attacks, both in normal operation (consumer issues the nonces) and in 
dumb mode (server issues the nonces, as the consumer is expected to 
maintain no state about openID).

While going over the spec to confirm that our intended behavior didn't 
violate it, we actually found very little reference to replay attacks. 
While using nonces to is mentioned once, very little behavior regarding 
what to do about replay attacks is actually specified.

I'd like to suggest that some notes be added to the spec regarding 
replay attacks, to make it more clear to implementers that they need to 
be both aware and concerned.

I think the specification should make a strenuous recommendation (or 
perhaps even a requirement) that implementations prevent replay attacks. 
  Preventing replay attacks has to be done by the consumer in normal 
mode, typically with the use of nonces.  For dumb mode, if the consumer 
is really too limited to maintain state about openid connections, the 
server needs to prevent replay attacks in its check_authentication call.

Any thoughts on wording and/or placement?

Carl Howells


More information about the yadis mailing list