"Bob Jueneman" <BJUENEMAN(_at_)novell(_dot_)com> writes:
I'm afraid that I disagree with the apparent concensus, and
agree with Russ.
"Applications which desire replay prevention should carefully
consider what it is they are trying to accomplish and
design accordingly. "
Excellent advice, but unfortunately very rarely followed.
Applications which DON'T follow it will likely get unexpected
results even if they use Signing Time.
The issue here is not generating Signing Time but rather
checking it. To produce predictable results, protocols which
desire replay protection have to specify how the replay
checking is performed, which is the tricky bit. We
shouldn't do that here since it's application specific.
Consequently, since we can't do the Right Thing we shouldn't
do anything.
I would be perfectly happy with suggesting that signing time always
be used, but I suppose you could have a CHOICE of signing time or some
nonce. Creating a good nonrepeating nonce may be even harder,
however.
Huh? Creating a nonrepeating nonce is trivial. Use a counter.
In the worst case, you can use the time, in which case
this reduces to the Signing Time problem.
-Ekr
--
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."