On Wed, Jan 27, 2010 at 10:44 PM, Nat Sakimura <[email protected]> wrote:
> (2010/01/28 14:41), Andrew Arnott wrote: > > On the other hand, I'm not entirely convinced that nonces are all that > useful, since any MITM could also conceivably *pre*play the message, and > get in anyway. Encryption seems to really be the best/only mitigation. > > > Assertion is signed and given that nonce has sufficient level of entropy > and randomness, it should be pretty hard to preplay, is it not? > Thanks, Nat. I hadn't thought of the browser plugin MITM, although as Allen says, if you have an evil browser plugin, you're already hosed, so it's no mitigation there either. As far as the preplay, I'm not talking about guessing the nonce. I'm referring to the scenario where you *see* the nonce fly by because you're in the middle (and potentially then with the ability to suppress or suspend the original request) and thus able to play the HTTP request yourself before the original ever gets to its destination.
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
