Replay attacks vs man in the middle

Imran Ghory imranghory at
Fri May 20 09:53:35 PDT 2005

On 5/20/05, Brad Fitzpatrick <brad at> wrote:

> The DSA signature with timestamp is there so consumers who DO care about
> freshness can use the timestamp to make sure a signature was issued only
> in the past $n minutes.  And because the signature as a whole was signed
> using a random number, the entire signature itself is a nonce, so the
> consumer site can prevent replay attacks by just not accepting that digest
> ever again.
> That said, am I still missing something?

The problem with that is that the consumer site has to keep a record
of every single digest. The advantage of a nonce is that it fixes the
problem while not requiring a database to store all of the digests and
hence makes it significantly cheaper to implement securely.
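
The consumer-side check discussed in this exchange, sketched as an added example (not code from either poster or from the Yadis project): a freshness window on the timestamp plus a record of accepted digests. It assumes the consumer always enforces the timestamp window, so a record is dropped once its timestamp leaves the window; `ReplayGuard`, the skew allowance and the sample values are hypothetical, and the DSA signature is assumed to have been verified before `check` is called.

```python
import heapq


class ReplayGuard:
    """Accept each signed digest at most once inside a freshness window."""

    def __init__(self, window_seconds, max_skew_seconds=60):
        self.window = window_seconds      # the "$n minutes" from the thread, in seconds
        self.skew = max_skew_seconds      # assumed tolerance for clocks running ahead
        self._seen = set()                # digests accepted and still inside the window
        self._expiry = []                 # min-heap of (expires_at, digest)

    def _prune(self, now):
        # Once a timestamp has left the window, the freshness check alone
        # rejects that signature, so its digest record can be discarded.
        while self._expiry and self._expiry[0][0] <= now:
            _, digest = heapq.heappop(self._expiry)
            self._seen.discard(digest)

    def check(self, digest, issued_at, now):
        """Return 'ok', 'future', 'stale' or 'replay' for a verified signature."""
        self._prune(now)
        if issued_at > now + self.skew:
            return "future"               # timestamp too far ahead of our clock
        if now - issued_at >= self.window:
            return "stale"                # older than the freshness window
        if digest in self._seen:
            return "replay"               # same digest presented twice
        self._seen.add(digest)
        heapq.heappush(self._expiry, (issued_at + self.window, digest))
        return "ok"

    def stored(self):
        """Number of digest records currently held."""
        return len(self._seen)


if __name__ == "__main__":
    guard = ReplayGuard(window_seconds=300)
    # Constructed sample values: digest strings and Unix-style timestamps.
    print(guard.check("digest-a", issued_at=1000, now=1010))
    print(guard.check("digest-a", issued_at=1000, now=1020))
    print(guard.check("digest-a", issued_at=1000, now=1300), guard.stored())
```

A consumer that does not enforce the timestamp window cannot prune this way and has to keep every digest it has accepted.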

