
xri-editors message



Subject: RE: [xri-editors] URI authority resolution


I'd argue that even your trusted rez example can't be trusted. Consider the following, where everything is signed by a single trusted root (i.e. the @ trust root):

@microsoft "maps" to @!1!2!3

@community*evilmember "maps" to @!1!2!3

Both are digitally signed by their owners (@microsoft and @community*evilmember respectively). Even if @ polices its namespace, it doesn't follow that it can police the XRI Descriptors which are in delegated namespaces below @ such as @community.

If we allow the "maps" assertion to be two way (i.e. "equivalence"), then some resolvers could be tricked into thinking that @!1!2!3 can be mapped to @community*evilmember (since equivalence can be stated as a bidirectional mapping). What's wrong with this? Consider this attack:

1) A resolver resolves @community*evilmember into an XRI Descriptor that has statements about local access services that point to the evilmember. The resolver caches the XRI Descriptor and notes the equivalence statement for future use.
2) A resolver resolves @microsoft into @!1!2!3 via an "equivalence".
3) Because @!1!2!3 is asserted to be the same as @community*evilmember, the resolver uses the cached XRI Descriptor for @community*evilmember instead of freshly resolving @!1!2!3 (i.e. transitive equivalence)
4) The resolver is tricked into using the local access services of @community*evilmember rather than the ones actually run by microsoft...

The problem lies in step 3 where a strong form of bidirectional & transitive equivalence is assumed. That's a problem, even if everyone is digitally signed a la trusted resolution.

Assertions should only be made "outwards" from what is resolved and not "inwards" to what is resolved (if that makes sense).

	-Gabe
 
__________________________________________________ 
gwachob@visa.com
Chief Systems Architect
Technology Strategies and Standards
Visa International 
Phone: +1.650.432.3696   Fax: +1.650.554.6817


> -----Original Message-----
> From: Davis, Peter [mailto:peter.davis@neustar.biz]
> Sent: Monday, November 29, 2004 2:42 PM
> To: Drummond Reed
> Cc: xri-editors@lists.oasis-open.org
> Subject: RE: [xri-editors] URI authority resolution
> 
> 
> so, i agree with Gabe, in that equiv. statements are at the addressing
> layer, and we should use a term such as 'mapping' when discussing other
> xri's which point to the same representation.
> 
> trustable mapping is performed via trusted resolution, which returns an
> assertion of equivalence... that is, an assertion that
> @Microsoft/(+website) is another name for the resource representation of
> http://www.microsoft.com/ or @!1!2!3/(+website)
> 
> 'synonym' is as good a term as any i suppose, tho linguistically,
> synonyms tend to imply a more lax equivalence.
> 
> --- peterd
> 
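
Added example, not part of the original message or of any XRI implementation: a toy caching resolver that reproduces the four-step scenario above when "maps" is treated as bidirectional, next to the same resolver following mappings outward only. The descriptor shape (`maps_to`, `service`), the class and function names, and the `.example` endpoints are assumptions made for illustration; signature checks are assumed to have passed for every descriptor.

```python
# Constructed sample data: descriptor shape and endpoints are assumptions.
REGISTRY = {
    "@microsoft": {"maps_to": "@!1!2!3", "service": None},
    "@!1!2!3": {"maps_to": None, "service": "https://access.microsoft.example"},
    "@community*evilmember": {"maps_to": "@!1!2!3",
                              "service": "https://access.evilmember.example"},
}

class Resolver:
    """Toy caching resolver; signatures are assumed to have verified already."""

    def __init__(self, registry, bidirectional):
        self.registry = registry
        self.bidirectional = bidirectional
        self.cache = {}  # name -> descriptor

    def _fetch(self, name):
        desc = self.registry[name]
        self.cache[name] = desc  # outward: a descriptor answers for its own name
        if self.bidirectional and desc["maps_to"]:
            # Flawed step 3: read "name maps to target" as "target is name",
            # so this descriptor is also cached as the answer for the target.
            self.cache.setdefault(desc["maps_to"], desc)
        return desc

    def resolve(self, name):
        seen = set()
        while name is not None and name not in seen:
            seen.add(name)
            desc = self.cache.get(name) or self._fetch(name)
            if desc["service"]:
                return desc["service"]
            name = desc["maps_to"]  # follow the mapping outward only
        return None

def run(bidirectional):
    """Replay the scenario: resolve the community name first, then @microsoft."""
    r = Resolver(REGISTRY, bidirectional)
    r.resolve("@community*evilmember")   # step 1: descriptor gets cached
    return r.resolve("@microsoft")       # steps 2-4
```

With `bidirectional=True` the second lookup returns the community member's endpoint even though every descriptor is validly signed; with `bidirectional=False` the cache is keyed only by the name that was actually resolved and `@!1!2!3` is fetched fresh.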

