Replay attacks vs man in the middle

Brad Fitzpatrick brad at danga.com
Fri May 20 11:58:29 PDT 2005


On Fri, 20 May 2005, Martin Atkins wrote:

> Brad Fitzpatrick wrote:
> > On Fri, 20 May 2005, Imran Ghory wrote:
> >
> >
> >>On 5/20/05, Brad Fitzpatrick <brad at danga.com> wrote:
> >>
> >>
> >>>The DSA signature with timestamp is there so consumers who DO care about
> >>>freshness can use the timestamp to make sure a signature was issued only
> >>>in the past $n minutes.  And because the signature as a whole was signed
> >>>using a random number, the entire signature itself is a nonce, so the
> >>>consumer site can prevent replay attacks by just not accepting that digest
> >>>ever again.
> >>>
> >>>That said, am I still missing something?
> >>
> >>The problem with that is that the consumer site has to keep a record
> >>of every single digest.
> >
> >
> > True, but to be fair:  only those within the allowed time window.  Not all
> > of history.  But I'm with you on wanting to make it as cheap as possible
> > to run this all.
> >
>
> The difference really is between tracking pending requests vs. tracking
> past requests. For most sites, I think there will be less pending at a
> given moment than there are past.

Agreed.

I think it should be required that servers accept and sign them, for
consumers who want to work that way.

- Brad



More information about the yadis mailing list