[OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

Gerald Beuchelt beuchelt at sun.com
Fri Aug 8 18:50:00 UTC 2008 

Peter Williams wrote:
> Are you implying that , for openid auth that does not use https (with pki-leveraging ciphersuites, where the pki uses crls), that one would be "grossly negligent" to use the core dh key agreement handshake defined by david and co?
>
> Perhaps I should the question more simply?
>
> Would you support making it mandatory that openid binds to (commodity) https (vs http)?
>
>   
    Yup. While this would not be the final solution, it would help 
making OpenID more secure. David et al. were aware of the potential 
issues, as is documented in section 15.1.2 of the openid-auth-2.0. Using 
SSL would help to some extend, assuming you check for revocation.
> ________________________________
> From: Gerald Beuchelt <beuchelt at sun.com>
> Sent: Friday, August 08, 2008 12:45 PM
> To: Dick Hardt <dick at sxip.com>
> Cc: cryptography at metzdowd.com <cryptography at metzdowd.com>; Eric Rescorla <ekr at networkresonance.com>; Dave Korn <dave.korn at artimi.com>; full-disclosure at lists.grok.org.uk <full-disclosure at lists.grok.org.uk>; bugtraq at securityfocus.com <bugtraq at securityfocus.com>; OpenID List <general at openid.net>; security at openid.net <security at openid.net>
> Subject: Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
>
> Dick Hardt wrote:
>
> On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
>
>
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?
>
>
>
> Clearly many implementors have chosen to *knowingly* ignore CRLs
> despite the security implications, so my take away would be that the
> current public key infrastructure is flawed.
>
>
>
>     Well, they might have done this *knowingly*, but--at least for some--I doubt that they *know* what they have done. IMO, it is bad practice to implement only half of a protocol/standard for any reason (especially out of laziness or ignorance), but that is what using certificates without CRL checking amounts to.
>
>     If we believe that the current PKI was truly flawed, it would be an act of gross negligence to use it for anything requiring a properly secured communication channel.
>
>     To extend Ben's advice: Decide if you want to use the current PKI. If so, implement CRL checking.
>
> Gerald
>
> -- Dick
>
> _______________________________________________
> general mailing list
> general at openid.net<mailto:general at openid.net>
> http://openid.net/mailman/listinfo/general
>
>
>

More information about the general mailing list