[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGPticket

To: Tony Bartoletti <azb@llnl.gov>, Vinnie Moscaritolo <vinnie@apple.com>, openpgp <ietf-open-pgp@imc.org>, pgpticket <ietf-pgpticket@vmeng.com>
Subject: Re: PGPticket
From: Bill Stewart <bill.stewart@pobox.com>
Date: Sun, 07 Jun 1998 16:41:35 -0500
Cc: Bill Frantz <frantz@netcom.com>, "spki@c2.net" <spki@c2.net>, "cme@cybercash.com" <cme@cybercash.com>
In-Reply-To: <3.0.3.32.19980527155229.00b38cb0@poptop.llnl.gov>
References: <199805272223.PAA06172@scv2.apple.com>
Sender: owner-ietf-open-pgp@imc.org

At 03:52 PM 5/27/98 -0700, Tony Bartoletti wrote:
>  >A client should never sign a challenge on it's own. the challenge should 
>  >have a client random nonce  appended to it, then sign that. the nonce
>  >can in fact be used as a counter challenge for the server to sign (whereby
>  >it also attaches a random nonce)
>
>Vinnie,  You are absolutely right.  I was led astray by the wording of 6:
>  "The client signs and returns the challenge string with a
>  random nonce appended."

Is appending the nonce good enough, or should you really prepend as well?
The problem is that lots of applications can potentially be tricked by
	sign( "syntactically-correct-stuff,junk" )
while they're less likely to accept messages with the junk first.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Follow-Ups:

Re: PGPticket

From: Tony Mione <mione@boeing.rutgers.edu>

References:

Re: PGPticket

From: Vinnie Moscaritolo <vinnie@apple.com>

Re: PGPticket

From: Tony Bartoletti <azb@llnl.gov>

Prev by Date: [Fwd: Revocation, etc...]
Next by Date: Re: PGPticket
Prev by thread: Re: PGPticket
Next by thread: Re: PGPticket
Index(es):
- Main
- Thread