assoc_type and assoc_handle

Paul Crowley paul at
Thu Jun 9 00:01:46 PDT 2005

Brad Fitzpatrick wrote:
> So we need to either add assoc_type to checkid_* mode (easier?) or merge
> assoc_type into the assoc_handle, as was proposed with the x.500/ldap/etc
> format of "{HMAC-TIGER}gibberishfooo"

The important thing is to make sure that no attacker can cause the 
server to use the same secret for two puropses.  If you use the same 
secret to drive HMAC-SHA1 and UMAC, say, all bets are off.

There are various ways the server can achieve this.  Like Nathan, I had 
thought of the handle as a reference to the association, and the 
association referencing not just a secret but also a type.  The 
alternative is what you propose, in which a (type, handle) pair 
references an association.

Thinking about it, your proposal is probably simpler; updating the Wiki. 
  But the thing that makes me nervous about this is that badly-written 
servers will do the dumb thing and just use the handle as the reference, 
making it trivial to cause them to violate the rule above.  If they have 
to somehow infer the type from the handle (which they can do in a 
variety of ways, the simplest of which is the "{HMAC-TIGER}foo" 
mechanism above) then such attacks are much harder.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list