Hi,
I had a look at the opes-authorization draft again, and I too was not really
convinced of the need for "unique" shared secrets for each requestor/responder
pair. The only way I can see for the integrity and confidentiality of OPES data
(application) flow to be compromised is:
1. Two different data streams (with different "content consumers" and same or
different "content providers") share the same OPES device.
2. One of the two CC's is malicious.
3. In this event, if the shared secrets for each requestor/responder pair are
not unique, then the integrity and confidentiality of OPES data could be
compromised.
However, if all the OPES CC's can be trusted, then uniqueness is not needed,
IMHO!
-Srini
-----Original Message-----
From: ext Abbie Barbir [mailto:abbieb(_at_)nortelnetworks(_dot_)com]
Sent: Wednesday, October 23, 2002 10:19 AM
To: eburger(_at_)snowshore(_dot_)com; OPES Group
Subject: RE: Unique Shared Secrets (4.4.2) in opes-authorization
eric,
The intend here is to secure the Hop-by-hop traffic. We can reaxime the wording
and the requirements.
-- This will be added as an action item for the -01 draft.
Abbie
-----Original Message-----
From: Eric Burger [ mailto:eburger(_at_)snowshore(_dot_)com]
Sent: Monday, October 21, 2002 10:35 PM
To: OPES Group
Subject: Unique Shared Secrets (4.4.2) in opes-authorization
Why must the shared secrets be unique for each requestor /
responder pair? Why do we care? In fact, such a requirement
opens a security hole: I can guess someone else's key by
trying to enter keys until the "system" tells me I can't
because someone else has that key.
I would drop the bullet.