[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] XRD trusted discovery workflow
On Tue, Dec 9, 2008 at 8:35 PM, Dirk Balfanz <balfanz@google.com> wrote:
> - Both in the PKI and in the out-of-band versions the basic verificationThe canonical id in the document is important because it prevents
> step seems to go like this: you already have a canonical_id, and you do the
> following: (1) check that the canonical_id in the XRD document is the same
> as the canonical_id you're already holding, (2) verify the signature on the
> document, (3) verify that the key used to sign the document matches the
> canonical_id in the document. Why bother with the canonical_id in the
> document in the first place? Why not just (1) verify the signature, and (2)
> verify that the key used to sign the document matches the canonical_id
> you're already holding?
someone from replaying a document in a different context. For
example, imagine two users with two different XRDs:
http://www.example.com/good has a signon URL of http://some-trusted-idp
http://www.example.com/evil has a signon URL of http://some-evil-idp
Both XRDs are signed by www.example.com (which is what you'd expect
since they are authoritative for www.example.com URLs...).
Now imagine that some RP is looking for the XRD for
http://www.example.com/good, but an attacker substitutes the XRD for
http://www.example.com/evil.
Without a canonical ID in the XRD, there's no way for the RP to tell.
(If this is coherent/accurate we need to write it down somewhere,
because the attack is kind of subtle.)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]