Dick Hardt <[EMAIL PROTECTED]> writes:

> On 11-Feb-06, at 3:17 PM, Eric Rescorla wrote:
>
>> Method of ticket validation
>> This draft validates the ticket by having the Membersite send a digest
>> to the Homesite and get an ACK. It's not clear why this is desirable.
>> Wouldn't it be simpler to have the Homesite digitally sign the ticket
>> (the key could be delivered in the initial capabilities discovery
>> phase) and then let the Membersite do the verification directly?
>> I appreciate that there's a freshness concern, but this can
>> be alleviated using the usual nonce-based anti-replay techniques.
>>
>> A suggested implementation of a signature function would be to use
>> the SHA1 algorithm, which takes as input a digest of the message and
>> a secret known only to the Homesite.
>>
>> Signature = T ( S + Digest )
>>
>> Where, Digest is message digest (defined above), S is the Homesite
>> Secret, T is the signature generation function, and '+' means string
>> concatenation.
>>
>> The technical term for a "signature" which can only be verified by
>> the holder of a symmetric secret is Message Authentication Code (MAC)
>> and there's a standard technique for performing MACs: HMAC (RFC 2104).
>
> Our current implementation uses HMAC. Since the Homesite can use
> whatever it wants, we left it out of the spec.

Well, that's fine, but you shouldn't be recommending a technique which
is known to be inferior to HMAC.

> You call the message a "ticket" -- perhaps you can elaborate on that?

See my response to John.

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
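The scheme discussed in the thread, the Homesite tagging the ticket with an HMAC (RFC 2104) and the Membersite verifying it locally with nonce-based anti-replay, as an added example in Python; this is not code from the draft or from either author's implementation. It assumes a shared key delivered out of band (e.g. during capabilities discovery), HMAC-SHA256 as the MAC, a 300-second freshness window, and ticket fields that contain no `&` or `=` characters.

```python
import hashlib
import hmac
import os
import time

# Constructed example key; a real deployment would use the Homesite's
# long-term secret, handed to the Membersite during capabilities discovery.
HOMESITE_KEY = b"example-homesite-secret-not-for-production"


def issue_ticket(fields, key, now=None):
    """Homesite side: bind the fields to a fresh nonce and a timestamp, then
    tag the whole payload with HMAC-SHA256 rather than SHA1(S + Digest)."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16).hex()  # 128-bit random nonce for replay detection
    body = "&".join("%s=%s" % (k, v) for k, v in sorted(fields.items()))
    payload = "%s&nonce=%s&ts=%d" % (body, nonce, now)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return "%s&mac=%s" % (payload, tag)


class MembersiteVerifier:
    """Membersite side: verifies the ticket itself, no round trip to the
    Homesite. Keeps a nonce cache so a captured ticket cannot be replayed."""

    def __init__(self, key, max_age=300):
        self.key = key
        self.max_age = max_age
        self.seen_nonces = set()  # in practice, expire entries older than max_age

    def verify(self, ticket, now=None):
        """Return the ticket fields if authentic, fresh and unseen; else None."""
        now = int(time.time()) if now is None else now
        payload, sep, tag = ticket.rpartition("&mac=")
        if not sep:
            return None  # no MAC present
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so a forger learns nothing from timing.
        if not hmac.compare_digest(expected, tag):
            return None
        fields = dict(kv.split("=", 1) for kv in payload.split("&"))
        ts = int(fields.get("ts", "0"))
        if not 0 <= now - ts <= self.max_age:
            return None  # stale ticket, or timestamp in the future
        nonce = fields.get("nonce", "")
        if nonce in self.seen_nonces:
            return None  # replay of a ticket already accepted
        self.seen_nonces.add(nonce)
        return fields
```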
