On 6/24/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
On 23-Jun-06, at 9:17 PM, Eric Rescorla wrote: >> >> In DIX, the RP includes a nonce in the request, which must then also >> be in the nonce which would prevent replay attacks assuming the RP is >> managing nonce state would it not? > > Only if each authentication token is only single-use. Otherwise, > an attacker can replay it during the validity period. Even then, > cut-and-paste attacks are still possible if you block the > initial request. My understanding of the definition of a nonce is that it is single-use. Would you humour me with an explanation of a cut-and-paste attack per above?
Ideally a nonce is single-use, but often people want to avoid keeping state on the server(s), so instead the nonce expires after a (short) time. For example, the nonce is a random number+a timestamp signed by the server. When it comes back, the server checks the signature and the timestamp.
>> I saw the security risk here being the reliance on DNS for identity >> of the IdP in the verification step. > > Hmm.... I think this depends on the design. If you're using > SSL/TLS, you should be able to block most attacks of this > class, provided you have a CRA authentication method... Agreed. On a related note, the primary security threat I saw with DIX was how the user knows they are at their IdP. DIX considers that out of band as there does not need to be a standard way of doing it for DIX, each IdP could do it a different way, and given this is a place the user is visiting often whose purpose is to make sure the user knows they are at the IdP and the IdP to have certainty it is the user, the investment in stronger authN for both the user and the site is worthwhile.
Isn't this essentially the primary security threat behind all phishing? _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
