Realm spoofing spec patch
Johnny Bufu
johnny at sxip.com
Fri May 25 19:07:32 UTC 2007
On 24-May-07, at 5:54 PM, Recordon, David wrote:

> I guess since we're unable to fully resolve this issue from a technical
> perspective, and no I don't have a better technical solution, I'm
> wondering if this should actually be an extension to the core protocol
> versus seeming like a resolution to the problem when it really doesn't
> completely solve it.

-1

An extension is totally optional. On the other hand, when I implement
a spec I treat all SHOULDs as MUSTs by default, and only examine them
if I can't deal with something.

The main issue with this attack I believe was the OP making a false
statement to their users, thus compromising their trust.

Even with the SHOULDs, the OPs have the means to decide how they
interact with their users. If this results in not granting access to
unverified RPs, the OP can say "well, the RP you're trying to go to
really SHOULD implement RP discovery".

With an extension the OP's statement would be "we're using this
extension and can't let you go to this RP because they don't
implement it and we can't verify their endpoints".

Having said that, I would certainly like some of these SHOULDs to be
turned into MUSTs if doing so doesn't lead to other issues
(deployments, etc.).

Johnny