[OpenID] Nonces generated by the server?
Breno de Medeiros
breno at google.com
Tue Mar 31 21:32:29 UTC 2009
On Tue, Mar 31, 2009 at 2:28 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
>
> I was idly reading the OpenID spec today and was reminded that the OpenID
> spec has the server generate a response nonce, rather than it being
> generated by the consumer.
>
> This seems strange to me, because in order to prevent replay it requires
> the consumer to remember all nonces that it has seen recently. If the
> consumer generated the nonce, then it would only need to retain state of
> nonces that it has issued, which is conceptually simpler.
Yes, I wondered about that too. Note, however, that in OpenID dumb
(stateless) mode the OP has the opposite obligation. So if you go down that
route, it would be better that there was a nonce from the RP and a
nonce-response from the OP so that both could employ more reliable approaches to
nonce-checking.
>
>
> I note that over in OAuth land they have the consumer generate the nonce
> rather than the server.
>
> Is there a specific security reason why the server generates the nonce in
> OpenID, or was this just an arbitrary decision?
>
> I'm also somewhat curious about how many OpenID consumers actually do nonce
> checking. Net::OpenID::Consumer for Perl actually ignores the nonce
> altogether and implements its own timestamp checking due to legacy code for
> OpenID 1.1, and seems to be vulnerable to replay for up to 30 seconds after
> a positive assertion. Are *any* RPs actually checking nonces to prevent
> replay during the timestamp window?
>
>
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
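The RP-side check the thread is asking about, written as an added example for this archive page; it is not code from Net::OpenID::Consumer or any other OpenID library. It follows the OpenID 2.0 rule that a response_nonce starts with an RFC 3339 UTC timestamp (no fractional seconds, "Z" suffix) followed by up to 255 ASCII characters in total, and that an RP never accepts the same nonce twice for the same OP endpoint. The OP endpoint URLs and nonce strings below are constructed, and the 300-second acceptance window is an assumption (the spec leaves the window to the RP). The point it makes against the "remember all nonces" worry is that the store only has to hold nonces whose timestamp is still inside the window: anything older is rejected by the timestamp check alone, so the set can be pruned and stays bounded.

```python
import re
import threading
from datetime import datetime, timedelta, timezone

# Timestamp prefix required by OpenID 2.0, plus an opaque ASCII suffix.
NONCE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z([\x20-\x7e]*)$")


def parse_response_nonce(nonce):
    """Return the UTC timestamp embedded in a response_nonce, or None if malformed."""
    if len(nonce) > 255:          # spec limit on the whole value
        return None
    m = NONCE_RE.match(nonce)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    except ValueError:            # e.g. month 13
        return None
    return ts.replace(tzinfo=timezone.utc)


class NonceStore:
    """Replay protection for positive assertions, scoped per OP endpoint."""

    def __init__(self, max_skew_seconds=300):   # assumed window, not from the spec
        self.max_skew = timedelta(seconds=max_skew_seconds)
        self._seen = {}             # (op_endpoint, nonce) -> timestamp from the nonce
        self._lock = threading.Lock()

    def check_and_record(self, op_endpoint, nonce, now=None):
        """True exactly once per (OP endpoint, nonce) inside the window; False otherwise."""
        now = now or datetime.now(timezone.utc)
        ts = parse_response_nonce(nonce)
        if ts is None:
            return False
        if abs(now - ts) > self.max_skew:
            return False            # outside the window: rejected without touching the store
        key = (op_endpoint, nonce)
        with self._lock:
            self._prune(now)
            if key in self._seen:
                return False        # replay inside the window
            self._seen[key] = ts
            return True

    def _prune(self, now):
        """Drop nonces the timestamp check would reject anyway, keeping the store bounded."""
        cutoff = now - self.max_skew
        for key, ts in list(self._seen.items()):
            if ts < cutoff:
                del self._seen[key]

    def __len__(self):
        return len(self._seen)


def demo():
    """Exercise the checker on constructed nonces; returns the individual outcomes."""
    store = NonceStore(max_skew_seconds=300)
    op = "https://op.example.org/server"          # hypothetical OP endpoint
    now = datetime(2009, 3, 31, 21, 32, 29, tzinfo=timezone.utc)
    fresh = "2009-03-31T21:32:10ZabcDEF123"       # constructed, 19 s old
    stale = "2009-03-31T21:00:00Zstale"           # constructed, 32 min old
    first = store.check_and_record(op, fresh, now)
    replay = store.check_and_record(op, fresh, now + timedelta(seconds=5))
    other_op = store.check_and_record("https://other.example.net/", fresh, now)
    too_old = store.check_and_record(op, stale, now)
    malformed = store.check_and_record(op, "not-a-nonce", now)
    size_before = len(store)
    # Ten minutes later the fresh nonces fall out of the window and are pruned
    # on the next check; a replay of them would now fail on the timestamp alone.
    later = now + timedelta(seconds=600)
    store.check_and_record(op, "2009-03-31T21:42:00Zlater", later)
    size_after = len(store)
    return {
        "first": first, "replay": replay, "other_op": other_op,
        "too_old": too_old, "malformed": malformed,
        "size_before": size_before, "size_after": size_after,
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the first presentation of a nonce is accepted, the second is refused, the same nonce string from a different OP endpoint is accepted (uniqueness is per OP), and a nonce older than the window is refused before it ever reaches the store. A timestamp-only check, with no store, is what leaves the window open to replay; the store closes it, and pruning is what keeps the consumer's obligation from growing without bound.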