Replay attacks vs man in the middle

Brad Fitzpatrick brad at
Fri May 20 11:43:29 PDT 2005

On Fri, 20 May 2005, Sam Ruby wrote:

> Martin Atkins wrote:
> > Sam Ruby wrote:
> >
> >> In fact, the easiest thing I could do is to let the system go through
> >> the motions.  I initiate a post to your website saying that I am Fred.
> >> Fred's server serves up a page which asks me to authenticate.  I, of
> >> course, fail, but instead of the IFrame passing back up this little
> >> bit of information, I pass up a different response instead.  Remember,
> >> I have Greasemonkey.  This browser does what *I* want it to do.
> >>
> >>  From your perspective, you served up a comment form.  You initiated a
> >> redirect to Fred's machine.  You get back a response that says "Fred
> >> says it was OK".  What's not to like?
> >
> > That's right. It'll all work fine until you submit it to the consumer
> > site, at which point it'll try to validate your token but the ID server
> > key won't match.
> >
> > All you've done is conned your client. The server knows better.
> That would be cool, but I miss the part in the specs where it says this.
> But, assuming that were so, then I would assert that this is the part
> that is necessary and sufficient.  The redirection is not the crucial
> part, this is.

Uh, they both are.

> Now, given that I can install software on my client, all I need to be
> able to do is generate a token that matches my ID server.  This means
> that I can avoid all the round trips.

You can be the god of GreaseMonkey foo, but if LiveJournal can't hit a
webserver and get your public key and verify the DSA signature, we're not
going to authenticate you, and therefore not let you post.

Now, if you want to run a webserver somewhere that provides your public
key, and you ALSO want to have your private key in your Firefox to do DSA
signing, that'll work.  But the spec as is requires that webserver out
there to get the public key.

- Brad

More information about the yadis mailing list