Commit 1b13d0105d2bbf9f4dd8d61b3b19849d39a73d77
Updated desirable properties for a secure channel (markdown)
Dominic Tarr committed on 5/7/2015, 8:36:18 PMParent: 258b4892ff287d66e7fe838dbdba16a10db5b2e2
Files changed
| desirable-properties-for-a-secure-channel.md | changed |
| desirable-properties-for-a-secure-channel.md | ||
|---|---|---|
| @@ -12,9 +12,10 @@ | ||
| 12 | 12 | 10. eavesdropper cannot learn server key |
| 13 | 13 | 11. eavesdropper cannot confirm client key |
| 14 | 14 | 12. eavesdropper cannot confirm server key |
| 15 | 15 | 13. replay attack cannot learn who is authorized |
| 16 | -14. unauthorized client cannot learn identity of server. | |
| 16 | +14. unauthorized client cannot learn server key. | |
| 17 | +15. unauthorized client cannot confirm server key | |
| 17 | 18 | |
| 18 | 19 | ## requirements |
| 19 | 20 | |
| 20 | 21 | how to achieve the above properties |
| @@ -64,10 +65,16 @@ | ||
| 64 | 65 | ## 13. a replay attack cannot learn whether a given client is authorized on this server. |
| 65 | 66 | |
| 66 | 67 | It would be easy for a eavesdropper to record client hellos, and then send them to random servers to see whether that client is authorized on that server. If the server rejects that connection before the client has proven their identity then this leaks information from the server's access list. The server should wait until the client has proved their identity before rejecting a connection. |
| 67 | 68 | |
| 68 | -## 14. unauthorized client cannot learn identity of server. | |
| 69 | +## 14. unauthorized client cannot learn server key. | |
| 69 | 70 | |
| 70 | 71 | To realize this property it would be necessary for the client to auth to the server first. |
| 71 | 72 | This property seems reasonable - "hi this is Alice, is Bob there?" if Bob isn't talking to Alice, or if it's a wrong number the server responds "sorry wrong number" and hangs up. This will require an extra round trip, because a challenge must be issued to the client. |
| 72 | 73 | |
| 73 | -This property would prevent an active attacker from verifying who a given server is. | |
| 74 | +This property would prevent an active attacker from learning who a given server is. | |
| 75 | + | |
| 76 | +## 15. unauthorized client cannot confirm server key. | |
| 77 | + | |
| 78 | +This property is stronger than 14, because 14 means the server shouldn't reveal their key to an unauthorized client, but this property means the server should not give the client evidence incase the client already knows happens to know that key. This means a malicious client cannot get a list of keys (by some other mechanism) and check that those servers really are those keys. | |
| 79 | + | |
| 80 | +to realize this property it is necessary for the client to authorize to the server first, and for the server to be able to reject the client without revealing any more information. | |
Built with git-ssb-web