ietf-openproxy
[Top] [All Lists]

Unique Shared Secrets (4.4.2) in opes-authorization

2002-10-21 19:35:12

Why must the shared secrets be unique for each requestor / responder pair?
Why do we care?  In fact, such a requirement opens a security hole: I can
guess someone else's key by trying to enter keys until the "system" tells me
I can't because someone else has that key.

I would drop the bullet.


<Prev in Thread] Current Thread [Next in Thread>