On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:


Method of ticket validation
This draft validates the ticket by having the Membersite send a digest
to the Homesite and get an ACK. It's not clear why this is desirable.
Wouldn't it be simpler to have the Homesite digitally sign the ticket
(the key could be delivered in the initial capabilities discovery
phase) and then let the Membersite do the verification directly?
I appreciate that there's a freshness concern, but this can
be alleviated using the usual nonce-based anti-replay techniques.

        A suggested implementation of a signature function would be to use
        the SHA1 algorithm, which takes as input a digest of the message and
        a secret known only to the Homesite.

        Signature = T ( S + Digest )

        Where, Digest is message digest (defined above), S is the Homesite
        Secret, T is the signature generation function, and '+' means string
        concatenation.

The technical term for a "signature" which can only be verified by
the holder of a symmetric secret is Message Authentication Code (MAC)
and there's a standard technique for performing MACs: HMAC (RFC 2104).

Our current implementation uses HMAC. Since the Homesite can use whatever it wants, we left it out of the spec.

You call the message a "ticket" -- perhaps you can elaborate on that?


_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
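
Added example, not part of the original message or the draft: the draft's `T ( S + Digest )` construction next to HMAC as defined in RFC 2104, with a nonce check of the kind mentioned above. The `Homesite` class, the function names, the 16-byte nonce and the sample ticket bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 64  # SHA-1 block size in bytes

def draft_signature(secret: bytes, digest: bytes) -> bytes:
    """The draft's suggestion: Signature = T(S + Digest), with T = SHA1."""
    return hashlib.sha1(secret + digest).digest()

def hmac_sha1(secret: bytes, msg: bytes) -> bytes:
    """RFC 2104: H((K xor opad) || H((K xor ipad) || msg)), with H = SHA1."""
    key = hashlib.sha1(secret).digest() if len(secret) > BLOCK else secret
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).digest()

class Homesite:
    """Hypothetical Homesite holding the secret S and a set of used nonces."""
    NONCE_LEN = 16  # fixed length keeps nonce || digest unambiguous

    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)
        self.used_nonces = set()

    def issue(self, ticket: bytes, nonce: bytes) -> bytes:
        if len(nonce) != self.NONCE_LEN:
            raise ValueError("nonce must be 16 bytes")
        digest = hashlib.sha1(ticket).digest()
        return hmac_sha1(self.secret, nonce + digest)

    def validate(self, ticket: bytes, nonce: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(self.issue(ticket, nonce), tag):
            return False          # wrong tag: do not consume the nonce
        if nonce in self.used_nonces:
            return False          # valid tag but already seen: replay
        self.used_nonces.add(nonce)
        return True

if __name__ == "__main__":
    home = Homesite()
    ticket = b"user=alice;membersite=example"  # constructed sample ticket
    nonce = secrets.token_bytes(Homesite.NONCE_LEN)
    tag = home.issue(ticket, nonce)
    print(home.validate(ticket, nonce, tag))         # first use
    print(home.validate(ticket, nonce, tag))         # replay
    print(home.validate(ticket + b"x", nonce, tag))  # altered ticket
```

The hand-written `hmac_sha1` is there to show the RFC 2104 structure; production code would call the standard library's `hmac.new(key, msg, hashlib.sha1)` directly.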
