Dumb mode question

meepbear * meepbear at hotmail.com
Wed Jul 6 02:31:17 PDT 2005 

I was finishing up my server when I started wondering whether the 
assoc_handle from 'regular' mode and the one from 'dumb' mode shouldn't be 
completely unrelated?

John writes up some code to associate with an OpenID server and gets a 
mac_key and an assoc_handle.
He uses those two to write up an id_res response to a consumer with someone 
else's identity (that the OpenID server is qualified to assert). He then 
goes to a consumer, figures out what that consumer's valid return_to (see 
the other email in this thread) is and creates a valid openid.sig.

He sends the fake "id_res" to the consumer with an invalidate_handle and 
uses the assoc_handle he has the mac_key for. The consumer checks return_to, 
sees that it's valid and fallbacks to dumb mode and sends the server a 
"check_authentication". The server validates the assertion since John knew 
the mac_key associated with it and was able to create a valid signature.

The problem is that the server didn't distinguish between 'regular' and 
'dumb' mode association handles and allowed one to be used in place of the 
other.
Also both the consumer and server should be checking invalidate_handle. If a 
consumer receives an invalidate_handle it doesn't know about, it should stop 
dead and return an error. If a server receives an invalidate_handle it does 
know about then it should be not answer the check_authentication but simply 
return an error as well.
The reasoning for the second is that someone could only fool one of the two 
at most. If they give a valid "invalid handle" to a consumer it'll contact 
the server but then the server won't respond since it knows the handle isn't 
invalid so it has to have been fabricated. If they give an invalid "invalid 
handle" to a consumer it'll know it's not a handle it was ever issued so it 
can only be fabricated as well so it won't even look at the rest of the 
"id_res".

Sorry to keep coming up with malicious situations but it's still better that 
someone here sees one then when everything is fully written and deployed all 
over.
Since the source for most of the consumers and servers will be freely 
available, it won't take much for anyone to figure out which combination of 
the two is vulnerable to something.

More information about the yadis mailing list