[OpenID] OpenId Association Timeout Recommendations

Aswath Rao aswathr at hotmail.com
Tue Feb 6 23:05:25 UTC 2007

I would like to know whether your point regarding the vulnerability of 
Direct verification still holds if we use Cardspace as it was announced 
earlier in the day. This is relevant for the application where we use OpenID 
as the identifier for SIP sessions.

In short the proposal is for the originator of the session to procure 
credentials before initiating the session and include it in the INVITE 
message and the receiver to authenticate it with the OP.

A MITM can easily change any is_valid value since those responses are 

There is a MITM attack on the association step, but it is much harder, as it 
requires DH computation and state keeping for later authentication steps. 
There are also DH variants that are more resilient to MITM attacks (SRP 
anyone? ;), and such can be added as mechanisms to the protocol.

In reality Direct Verification is useless. Very few RPs use secure channels. 
The message floats unprotected through the network of tubes.

Direct verification gives an attacker an incredibly simple way to downgrade 
the protocol without either the OP nor the RP being any wiser.

What attacker wouldn't love that?


More information about the general mailing list