Sirini,
thanks for the feedback. we will add this as an action item for the -01
draft.
abbie
-----Original Message-----
From: bindignavile(_dot_)srinivas(_at_)nokia(_dot_)com
[mailto:bindignavile(_dot_)srinivas(_at_)nokia(_dot_)com]
Sent: Monday, October 28, 2002 4:07 PM
To: Barbir, Abbie [CAR:1A00:EXCH]; eburger(_at_)snowshore(_dot_)com;
ietf-openproxy(_at_)imc(_dot_)org
Subject: RE: Unique Shared Secrets (4.4.2) in opes-authorization
Hi,
I had a look at the opes-authorization draft again, and I too was not really
convinced of the need for "unique" shared secrets for each
requestor/responder pair. The only way I can see for the integrity and
confidentiality of OPES data (application) flow to be compromised is:
1. Two different data streams (with different "content consumers" and same
or different "content providers") share the same OPES device.
2. One of the two CC's is malicious.
3. In this event, if the shared secrets for each requestor/responder pair
are not unique, then the integrity and confidentiality of OPES data could be
compromised.
However, if all the OPES CC's can be trusted, then uniqueness is not needed,
IMHO!
-Srini
-----Original Message-----
From: ext Abbie Barbir [mailto:abbieb(_at_)nortelnetworks(_dot_)com]
Sent: Wednesday, October 23, 2002 10:19 AM
To: eburger(_at_)snowshore(_dot_)com; OPES Group
Subject: RE: Unique Shared Secrets (4.4.2) in opes-authorization
eric,
The intend here is to secure the Hop-by-hop traffic. We can reaxime the
wording and the requirements.
-- This will be added as an action item for the -01 draft.
Abbie
-----Original Message-----
From: Eric Burger [mailto:eburger(_at_)snowshore(_dot_)com
<mailto:eburger(_at_)snowshore(_dot_)com> ]
Sent: Monday, October 21, 2002 10:35 PM
To: OPES Group
Subject: Unique Shared Secrets (4.4.2) in opes-authorization
Why must the shared secrets be unique for each requestor /
responder pair? Why do we care? In fact, such a requirement
opens a security hole: I can guess someone else's key by
trying to enter keys until the "system" tells me I can't
because someone else has that key.
I would drop the bullet.