[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compound authentication "issue"

To: "ietf-sacred" <ietf-sacred@xxxxxxx>, stephen.farrell@xxxxxxxxxxxx
Subject: Re: Compound authentication "issue"
From: Lawrence Greenfield <leg+@xxxxxxxxxxxxxx>
Date: Wed, 27 Nov 2002 15:35:53 -0500
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-sacred/mail-archive/>
List-id: <ietf-sacred.imc.org>
List-unsubscribe: <mailto:ietf-sacred-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-sacred@xxxxxxxxxxxx
User-agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (Unebigoryōmae) Emacs/21.2 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI)

Upon further consideration, isn't the man-in-the-middle attack
thwarted by the inclusion of "digest-uri-value" in the hash?

The DIGEST-MD5 client hash includes a client-selected
"digest-uri-value" which in sacred's case will be "sacred/<host>". In
a MITM attack, those values will be something else.

A MITM attack as described in the WG meeting is thwarted because
digest-uri-value wouldn't match what the sacred server is expecting.

If it would make people feel better, we can mention this safeguard in
the security considerations section.

Larry

Follow-Ups:
- Re: Compound authentication "issue"
  - From: Nystrom, Magnus

References:
- Compound authentication "issue"
  - From: Stephen Farrell

Prev by Date: RE: Compound authentication "issue"
Next by Date: Re: Compound authentication "issue"
Previous by thread: Re: Compound authentication "issue"
Next by thread: Re: Compound authentication "issue"
Index(es):
- Date
- Thread