[OpenID] Nonces generated by the server?
Martin Atkins
mart at degeneration.co.uk
Tue Mar 31 21:28:53 UTC 2009
I was idly reading the OpenID spec today and was reminded that the
OpenID spec has the server generate a response nonce, rather than it
being generated by the consumer.
This seems strange to me, because in order to prevent replay it requires
the consumer to remember all nonces that it has seen recently. If the
consumer generated the nonce, then it would only need to retain state of
nonces that it has issued, which is conceptually simpler.
I note that over in OAuth land they have the consumer generate the nonce
rather than the server.
Is there a specific security reason why the server generates the nonce
in OpenID, or was this just an arbitrary decision?
I'm also somewhat curious about how many OpenID consumers actually do
nonce checking. Net::OpenID::Consumer for Perl actually ignores the
nonce altogether and implements its own timestamp checking due to legacy
code for OpenID 1.1, and seems to be vulnerable to replay for up to 30
seconds after a positive assertion. Are *any* RPs actually checking
nonces to prevent replay during the timestamp window?
More information about the general
mailing list