<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Andrew, <br>
<br>
Are the RP's nonces vulnerable to MITM attacks? For instance, if the
attacker was able to sniff the nonce in the RP's return_to, then
presumably, the attacker would be able to replay it?<br>
<br>
I guess tying the nonce to the browser's IP address would be sufficent,
although if there's a MITM, the attacker presumably controls the IP
address as well.<br>
<br>
Allen<br>
<br>
<br>
<br>
Andrew Arnott wrote:
<blockquote
cite="mid:216e54900906082051i90191a8r97edfd4ea97ea2ff@mail.gmail.com"
type="cite">Yes, <a moz-do-not-send="true"
href="http://blog.nerdbank.net/2009/03/replay-protection-for-openid-1x-relying.html">DotNetOpenAuth
RPs attach their own nonces to their return_to's when communicating
with 1.0 OPs</a>. It would be a simple matter to expand the scenarios
it activates this behavior for if necessary.
<div><br>
</div>
<div>--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - S. G. Tallentyre<br>
<br>
<br>
<div class="gmail_quote">On Mon, Jun 8, 2009 at 4:47 PM, John Bradley
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jbradley@mac.com">jbradley@mac.com</a>></span> wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="">The other approach that has been used to secure 1.1
RP's is to place a signed nonce in the nonce in the return_to URI.
The RP verifies its own sig.
<div><br>
</div>
<div>I believe this is an option in DotNetOpenAuth for openID as
well.</div>
<div><br>
</div>
<div>This removes the need for the RP to synchronize data across
servers. This assumes properly configured load balancers though.</div>
<div><br>
</div>
<div>That is one other approach.</div>
<div><br>
</div>
<div>John B.<br>
<div>
<div>On 8-Jun-09, at 7:35 PM, Allen Tom wrote:</div>
<br>
<blockquote type="cite">
<div bgcolor="#ffffff" text="#000000"> Hi Johannes,<br>
<br>
My personal opinion is that if HTTPS is used for the entire protocol
flow, including the RP's return_to URL, then the RP should be able to
verify that the timetamp in the nonce is current, to within a few
minutes, as opposed to having to verify that the entire nonce is truly
unique.<br>
<br>
Allen<br>
<br>
<br>
<br>
Johannes Ernst wrote:
<blockquote type="cite"><br>
On Jun 8, 2009, at 15:50, Allen Tom wrote: <br>
<br>
<blockquote type="cite">
<blockquote type="cite">6) Pull the replay warning into its
own bullet, and mention the use of a timestamp to bound the time nonces
must be stored for. <br>
</blockquote>
[atom] Also a good point. On a related note, many large globally
distributed RPs may have a hard time implementing nonces as per the
OpenID spec, as it's technically tricky to globally replicate data,
especially if it needs to be replicated very quickly. In practice, RPs
may only find it practical to verify that the timestamp is "current" as
opposed to actually verifying that the nonce is can only be used once. <br>
</blockquote>
<br>
In this case, do these mythical "globally distributed RPs" have a
better approach for avoiding replay attacks or do they simply swallow
that risk because no better approach is known. <br>
<br>
Just wondering ... <br>
<br>
<br>
<br>
<br>
<br>
Johannes Ernst <br>
NetMesh Inc. <br>
<br>
<br>
<hr size="4" width="90%"><br>
<center><span><mime-attachment.gif></span></center>
<p> <br>
<br>
</p>
<hr size="4" width="90%"><br>
<center><span><mime-attachment.gif></span></center>
<p> <a moz-do-not-send="true" href="http://netmesh.info/jernst"
target="_blank">http://netmesh.info/jernst</a> <br>
<br>
<br>
<br>
</p>
</blockquote>
<br>
</div>
_______________________________________________<br>
security mailing list<br>
<a moz-do-not-send="true" href="mailto:security@openid.net"
target="_blank">security@openid.net</a><br>
<a moz-do-not-send="true"
href="http://openid.net/mailman/listinfo/security" target="_blank">http://openid.net/mailman/listinfo/security</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>