assoc_type and assoc_handle
Paul Crowley
paul at ciphergoth.org
Thu Jun 9 00:01:46 PDT 2005
Brad Fitzpatrick wrote:
> So we need to either add assoc_type to checkid_* mode (easier?) or merge
> assoc_type into the assoc_handle, as was proposed with the x.500/ldap/etc
> format of "{HMAC-TIGER}gibberishfooo"
The important thing is to make sure that no attacker can cause the
server to use the same secret for two puropses. If you use the same
secret to drive HMAC-SHA1 and UMAC, say, all bets are off.
There are various ways the server can achieve this. Like Nathan, I had
thought of the handle as a reference to the association, and the
association referencing not just a secret but also a type. The
alternative is what you propose, in which a (type, handle) pair
references an association.
Thinking about it, your proposal is probably simpler; updating the Wiki.
But the thing that makes me nervous about this is that badly-written
servers will do the dumb thing and just use the handle as the reference,
making it trivial to cause them to violate the rule above. If they have
to somehow infer the type from the handle (which they can do in a
variety of ways, the simplest of which is the "{HMAC-TIGER}foo"
mechanism above) then such attacks are much harder.
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
More information about the yadis
mailing list