[pubcookie-dev] Why is the Public Key used?

Russell Tokuyama russ at hawaii.edu
Mon Feb 9 11:49:28 PST 2004 

Christopher,

I'll take a stab at trying to answer your question.

As stated in the How Pubcookie Works document you referenced, the granting 
cookie contains the username of the authenticated user.  Since the 
application server will be relying on that identity, the use of public key 
cryptography gives the application server some degree of assurance that the 
identity hasn't been forged by a rogue server pretending to be the login 
server.  The assumption here is that the rogue server hasn't gotten its 
hands on the login server's private key but has been able to get the 
symmetric key shared by the application and login servers.  Without the 
granting cookie being signed by the login server, a rogue login server can 
forge the identity for any user that the application server might give 
access to.

Having said that, if the login server is compromised, the identity of any 
person using the application server is questionable because the compromised 
login server would be able to let them masquerade as any identity without 
supplying any credentials (password, pass phrase) at all.  This is true for 
all systems that rely on a trusted third party to verify the identity of 
users.

Hope this helps,
Russ


On Saturday 07 February 2004 08:27 pm, Christopher Nebergall wrote:
> I'm new to your project and have been reading through your docs.  The
> following excerpt from your How it works page.
> http://pubcookie.org/docs/how-pubcookie-works.html
>
> >The "granting coookie" is protected from tampering by being signed using
>
> the private key of the login server, and protected from disclosure >by
> being encrypted using the symmetric key shared by the application server
> and the login server.
>
> Since it sounds like the symmetric key is only known by the application
> server and the login server, what purpose does the public key signing
> serve? Since the cookie was encrypted with a symmetric key which is only
> known by 2 parties isn't that sufficient to ensure that the other party
> must have created it? How else is that cookie used that it becomes
> important that the application server can't alter it? I'm not trying to
> be critical I just don't yet understand your whole security architecture,
> and I'm interested in why you choose certain design decisions.
>
> Thanks,
> Christopher
>
>
> _______________________________________________
> pubcookie-dev mailing list
> pubcookie-dev at u.washington.edu
> http://mailman.u.washington.edu/mailman/listinfo/pubcookie-dev

More information about the pubcookie-dev mailing list