[OpenID] OpenId Association Timeout Recommendations
Aswath Rao
aswathr at hotmail.com
Tue Feb 6 23:05:25 UTC 2007
I would like to know whether your point regarding the vulnerability of
Direct verification still holds if we use CardSpace as it was announced
earlier in the day. This is relevant for the application where we use OpenID
as the identifier for SIP sessions.
In short the proposal is for the originator of the session to procure
credentials before initiating the session and include it in the INVITE
message and the receiver to authenticate it with the OP.
Thanks
Aswath
------------------------------------------------------------------------------------------
A MITM can easily change any is_valid value since those responses are
unprotected.
There is a MITM attack on the association step, but it is much harder, as it
requires DH computation and state keeping for later authentication steps.
There are also DH variants that are more resilient to MITM attacks (SRP
anyone? ;), and such can be added as mechanisms to the protocol.
In reality Direct Verification is useless. Very few RPs use secure channels.
The message floats unprotected through the network of tubes.
Direct verification gives an attacker an incredibly simple way to downgrade
the protocol without either the OP or the RP being any wiser.
What attacker wouldn't love that?
Hans
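To make the point in Hans's quoted note concrete, here is an added worked example; it is not part of either message above and not code from any OpenID library. It models a stateless RP that relies on direct verification (check_authentication) beside an RP that holds an association, and shows a MITM on the unprotected RP-to-OP channel flipping "is_valid:false" to "is_valid:true" so a forged assertion is accepted, while the associated RP rejects the same assertion locally. The association secret, handle, endpoints, nonce and identities are all constructed values; the DH association step that would have produced the secret is assumed to have already happened.

```python
import base64
import hashlib
import hmac

# Constructed association: in OpenID this secret would come from the
# association step (normally a Diffie-Hellman exchange), assumed done here.
ASSOC_HANDLE = "assoc-example-1"
OP_SECRETS = {ASSOC_HANDLE: b"0123456789abcdef0123"}  # 20-byte HMAC-SHA1 key

SIGNED_FIELDS = ["op_endpoint", "return_to", "response_nonce",
                 "assoc_handle", "claimed_id", "identity"]


def kv_encode(fields, keys):
    """OpenID key-value form ("key:value\\n") of the listed fields, in signed order."""
    return "".join(f"{k}:{fields[k]}\n" for k in keys)


def sign(secret, fields):
    """HMAC-SHA1 over the key-value form of the signed fields, base64 encoded."""
    keys = fields["signed"].split(",")
    mac = hmac.new(secret, kv_encode(fields, keys).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def op_positive_assertion(identity):
    """OP issues a signed positive assertion (all values constructed)."""
    fields = {
        "mode": "id_res",
        "op_endpoint": "https://op.example/endpoint",
        "return_to": "https://rp.example/return",
        "response_nonce": "2007-02-06T23:05:25Zabc",
        "assoc_handle": ASSOC_HANDLE,
        "claimed_id": identity,
        "identity": identity,
        "signed": ",".join(SIGNED_FIELDS),
    }
    fields["sig"] = sign(OP_SECRETS[ASSOC_HANDLE], fields)
    return fields


def rp_verify_with_association(rp_secret, fields):
    """RP holding the association checks the HMAC itself; no round trip to the OP."""
    return hmac.compare_digest(sign(rp_secret, fields), fields["sig"])


def op_check_authentication(fields):
    """OP side of direct verification: the plain-text check_authentication reply."""
    secret = OP_SECRETS.get(fields.get("assoc_handle"))
    ok = secret is not None and hmac.compare_digest(sign(secret, fields), fields["sig"])
    return "is_valid:true\n" if ok else "is_valid:false\n"


def rp_verify_stateless(fields, transport):
    """Stateless RP: trusts whatever is_valid value arrives over `transport`."""
    body = transport(op_check_authentication(fields))
    resp = dict(line.split(":", 1) for line in body.splitlines() if ":" in line)
    return resp.get("is_valid") == "true"


def honest_transport(body):
    """The OP's reply arrives unchanged."""
    return body


def mitm_transport(body):
    """Attacker on an unprotected (non-TLS) channel rewrites the OP's verdict."""
    return body.replace("is_valid:false", "is_valid:true")


def forged_assertion(victim):
    """Attacker takes a genuine assertion for their own id and swaps in the victim.

    The signature still covers the attacker's identity, so it no longer matches."""
    fields = op_positive_assertion("https://attacker.example/")
    fields["claimed_id"] = victim
    fields["identity"] = victim
    return fields


if __name__ == "__main__":
    bad = forged_assertion("https://alice.example/")
    print("associated RP accepts forgery:",
          rp_verify_with_association(OP_SECRETS[ASSOC_HANDLE], bad))
    print("stateless RP, clean channel:", rp_verify_stateless(bad, honest_transport))
    print("stateless RP, MITM channel:", rp_verify_stateless(bad, mitm_transport))
```

The stateless RP never sees the secret, so its only evidence is the is_valid line; anything that can edit that line on the wire decides the outcome. The associated RP carries the same HMAC check the OP performs, so the forged assertion fails regardless of what happens on the network, which is why the note above argues that stateless mode is only as strong as the channel it runs over.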