Re: auth handshake and rendevouz objects
From: Niels Möller
Subject: Re: auth handshake and rendevouz objects
Date: 05 Nov 2002 21:33:16 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
Tom Hart <address@hidden> writes:
> I'm sure I'm being stupid, here, but is there any way that A can
> return a digitally-signed token to B, so that the protocol becomes:
You can use cryptography. You don't need any public-key cryptography,
though. Let S have a random secret key K which it keeps to itself
(generated at process startup, so it need not be stored anywhere, or
ever transferred).
1. A->S: I want to give handle x to B.
2. S<-A: Here's a token T. S computes T as
<A, B, S, x, HMAC-SHA1(key, A, B, S, x)>
3. A->B: Please use this token T to get the handle x.
4. B->S: Please give me a handle in return for this token.
5. S->B: Ok. (After verifying the MAC and contents):
6. B->A: Thanks. Got it now.
And as Markus said, you can replace the HMAC with just a sufficiently
large random number, if you put some more state in S. Another tricky
detail is that with this scheme, you can't reuse the values of x, and
if it's possible that x ever rolls over, S needs to generate a new key
before that happens.
But using crypto is certainly possible, but it's also overkill for
this problem.
/Niels
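
The token scheme from the message above, as an added example that is not code from the thread. Assumptions: the names A, B and S are byte strings, x is a 64-bit handle number, fields are length-prefixed before being MACed, and S learns who is presenting the token from the transport rather than from the token itself.

```python
import hashlib
import hmac
import secrets
import struct


def encode_fields(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never MAC the same bytes.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


class Server:
    """S in the message: keeps K in memory only and hands out handle x."""

    def __init__(self, name: bytes):
        self.name = name
        self.rekey()

    def rekey(self) -> None:
        # Fresh random K at process startup, and again before x can roll over.
        self._key = secrets.token_bytes(32)

    def _mac(self, a: bytes, b: bytes, x: int) -> bytes:
        msg = encode_fields(a, b, self.name, struct.pack(">Q", x))
        return hmac.new(self._key, msg, hashlib.sha1).digest()

    def issue(self, a: bytes, b: bytes, x: int) -> tuple:
        # Step 2: T = <A, B, S, x, HMAC-SHA1(K, A, B, S, x)>
        return (a, b, self.name, x, self._mac(a, b, x))

    def redeem(self, presenter: bytes, token: tuple) -> bool:
        # Steps 4-5: verify the MAC, then the contents.
        # presenter is the caller identity as seen by S (assumed to come from the transport).
        a, b, s, x, tag = token
        if s != self.name or not hmac.compare_digest(tag, self._mac(a, b, x)):
            return False
        return presenter == b  # only the recipient named in T gets the handle


def demo() -> dict:
    # Constructed sample names and handle number.
    s = Server(b"S")
    t = s.issue(b"A", b"B", 7)
    forged = t[:3] + (8, t[4])  # x changed, MAC not recomputed
    out = {"b": s.redeem(b"B", t), "c": s.redeem(b"C", t), "forged": s.redeem(b"B", forged)}
    s.rekey()  # x about to roll over: old tokens die with the old key
    out["after_rekey"] = s.redeem(b"B", t)
    return out
```

Until S rekeys, a valid token for x keeps verifying, which is why the message says values of x cannot be reused under the same key.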