[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 7 Jun 1998, Bill Stewart wrote:
> At 03:52 PM 5/27/98 -0700, Tony Bartoletti wrote:
> > >A client should never sign a challenge on it's own. the challenge should
> > >have a client random nonce appended to it, then sign that. the nonce
> > >can in fact be used as a counter challenge for the server to sign (whereby
> > >it also attaches a random nonce)
> >Vinnie, You are absolutely right. I was led astray by the wording of 6:
> > "The client signs and returns the challenge string with a
> > random nonce appended."
> Is appending the nonce good enough, or should you really prepend as well?
> The problem is that lots of applications can potentially be tricked by
> sign( "syntactically-correct-stuff,junk" )
> while they're less likely to accept messages with the junk first.
I am working on this draft with Vinnie and have an idea on how to
solve this. I talked with him briefly about it. Basically, the response
should be another V4 standalone signature. The challenge is placed in a
notation subpacket that is the only 'hashed' subpacket. The signature on
the V4 sig packet is the hash of the notation subpacket containing the
challenge (kinda like a 'meta' signature).
In the case of a client being one of several subjects in the
original PGPticket, their subject information should go in a separate
notation subpacket in the unhashed subpacket section. This will tell the
server which client is actually trying to use the ticket and keep them from
having to check the signature with each subject's key.
> Bill Stewart, email@example.com
> PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Tony Mione, RUCS/NS, Rutgers University, Hill 055, Piscataway,NJ - 732-445-0650
firstname.lastname@example.org W3: http://www-ns.rutgers.edu/~mione/
PGPFP:E2252CCD28733C5B 0B918A4E22BAFA9F ***** Important: John 17:3 *****
Author of 'CDE and Motif : A Practical Primer', Prentice-Hall PTR
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----