[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unique Shared Secrets (4.4.2) in opes-authorization

To: "OPES Group" <ietf-openproxy@xxxxxxx>
Subject: Unique Shared Secrets (4.4.2) in opes-authorization
From: "Eric Burger" <eburger@xxxxxxxxxxxxx>
Date: Mon, 21 Oct 2002 22:35:11 -0400
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openproxy/mail-archive/>
List-id: <ietf-openproxy.imc.org>
List-unsubscribe: <mailto:ietf-openproxy-request@imc.org?body=unsubscribe>
Reply-to: <eburger@xxxxxxxxxxxxx>
Sender: owner-ietf-openproxy@xxxxxxxxxxxx

Why must the shared secrets be unique for each requestor / responder pair?
Why do we care?  In fact, such a requirement opens a security hole: I can
guess someone else's key by trying to enter keys until the "system" tells me
I can't because someone else has that key.

I would drop the bullet.

References:
- draft-ietf-opes-authorization-00.txt
  - From: Andre Beck

Prev by Date: Authentication Requirements in opes-authorization-00 (section 4.2)
Next by Date: Privacy Considerations (4.5) in opes-authorization-00
Previous by thread: Re: Authentication Requirements in opes-authorization-00 (section 4.2)
Next by thread: Privacy Considerations (4.5) in opes-authorization-00
Index(es):
- Date
- Thread