[Top] [All Lists]

Re: Replay of CMS SignedData

1998-08-11 09:26:00
"Bob Jueneman" <BJUENEMAN(_at_)novell(_dot_)com> writes:

I'm afraid that I disagree with the apparent concensus, and 
agree with Russ.

"Applications which desire replay prevention should carefully
consider what it is they are trying to accomplish and 
design accordingly. "

Excellent advice, but unfortunately very rarely followed.
Applications which DON'T follow it will likely get unexpected
results even if they use Signing Time.

The issue here is not generating Signing Time but rather
checking it. To produce predictable results, protocols which
desire replay protection have to specify how the replay
checking is performed, which is the tricky bit. We
shouldn't do that here since it's application specific.
Consequently, since we can't do the Right Thing we shouldn't
do anything.

I would be perfectly happy with suggesting that signing time always
be used, but I suppose you could have a CHOICE of signing time or some 
nonce.  Creating a good nonrepeating nonce may be even harder, 
Huh? Creating a nonrepeating nonce is trivial. Use a counter.
In the worst case, you can use the time, in which case
this reduces to the Signing Time problem.


[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."

<Prev in Thread] Current Thread [Next in Thread>