Dumb mode question

Brad Fitzpatrick brad at danga.com
Wed Jul 6 11:56:49 PDT 2005

On Wed, 6 Jul 2005, meepbear * wrote:

> I was finishing up my server when I started wondering whether the
> assoc_handle from 'regular' mode and the one from 'dumb' mode shouldn't be
> completely unrelated?
> John writes up some code to associate with an OpenID server and gets a
> mac_key and an assoc_handle.
> He uses those two to write up an id_res response to a consumer with someone
> else's identity (that the OpenID server is qualified to assert). He then
> goes to a consumer, figures out what that consumer's valid return_to (see
> the other email in this thread) is and creates a valid openid.sig.
> He sends the fake "id_res" to the consumer with an invalidate_handle and
> uses the assoc_handle he has the mac_key for. The consumer checks return_to,
> sees that it's valid and falls back to dumb mode and sends the server a
> "check_authentication". The server validates the assertion since John knew
> the mac_key associated with it and was able to create a valid signature.
> The problem is that the server didn't distinguish between 'regular' and
> 'dumb' mode association handles and allowed one to be used in place of the
> other.

Good find!

So in a nutshell:  check_authentication should never validate signatures
created with assoc_handles whose secret has been disclosed to any party.

We don't have to mandate the format of the assoc_handle (it's still
opaque), but we just need to document the issue.

Trying to think what big scary wording to add to the spec.

> Also both the consumer and server should be checking invalidate_handle. If a
> consumer receives an invalidate_handle it doesn't know about, it should stop
> dead and return an error.

That's probably fine, but...

> If a server receives an invalidate_handle it does know about then it
> should not answer the check_authentication but simply return an error
> as well.

No!  The whole point of invalidate_handle was for when servers forgot
their secrets.  If you send a server a gibberish invalidate_handle, it has
to confirm that it knows nothing about it.

- Brad
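
The rule stated in the reply above (check_authentication must not validate signatures made under an assoc_handle whose secret has been disclosed), together with the invalidate_handle behaviour it describes, sketched as server-side logic. This is an added example, not code from the thread or from any OpenID implementation; the HandleStore class, its method names, the "disclosed" flag and the choice of HMAC-SHA1 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class HandleStore:
    """Toy association store; names are illustrative, not taken from the spec."""
    def __init__(self):
        self._assocs = {}  # assoc_handle -> (mac_key, disclosed)

    def _new(self, disclosed):
        handle = secrets.token_hex(8)
        key = secrets.token_bytes(20)
        self._assocs[handle] = (key, disclosed)
        return handle, key

    def associate(self):
        # 'Regular' mode: the mac_key is handed to the consumer, so it is disclosed.
        return self._new(disclosed=True)

    def sign_stateless(self, signed_text):
        # 'Dumb' mode: sign under a key that never leaves the server.
        handle, key = self._new(disclosed=False)
        return handle, self.mac(key, signed_text)

    @staticmethod
    def mac(key, signed_text):
        # HMAC-SHA1 is an assumption of this example.
        return hmac.new(key, signed_text.encode(), hashlib.sha1).hexdigest()

    def check_authentication(self, assoc_handle, signed_text, sig, invalidate_handle=None):
        result = {"is_valid": False}
        entry = self._assocs.get(assoc_handle)
        # Refuse any handle whose secret was disclosed through associate().
        if entry is not None and not entry[1]:
            result["is_valid"] = hmac.compare_digest(self.mac(entry[0], signed_text), sig)
        # Confirm invalidate_handle only when the server knows nothing about it.
        if invalidate_handle is not None and invalidate_handle not in self._assocs:
            result["invalidate_handle"] = invalidate_handle
        return result

def demo():
    # Constructed sample: one signature under a disclosed key, one under a private key.
    store = HandleStore()
    text = "identity:http://someone.example/\n"
    shared_handle, shared_key = store.associate()
    disclosed = store.check_authentication(shared_handle, text, HandleStore.mac(shared_key, text))
    private_handle, sig = store.sign_stateless(text)
    private = store.check_authentication(private_handle, text, sig, invalidate_handle="unknown-handle")
    return disclosed, private
```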
