[pubcookie-dev] Why is the Public Key used?
russ at hawaii.edu
Mon Feb 9 11:49:28 PST 2004
I'll take a stab at trying to answer your question.
As stated in the How Pubcookie Works document you referenced, the granting
cookie contains the username of the authenticated user. Since the
application server will be relying on that identity, the use of public key
cryptography gives the application server some degree of assurance that the
identity hasn't been forged by a rogue server pretending to be the login
server. The assumption here is that the rogue server hasn't gotten its
hands on the login server's private key but has been able to get the
symmetric key shared by the application and login servers. Without the
granting cookie being signed by the login server, a rogue login server can
forge the identity for any user that the application server might give
Having said that, if the login server is compromised, the identity of any
person using the application server is questionable because the compromised
login server would be able to let them masquerade as any identity without
supplying any credentials (password, pass phrase) at all. This is true for
all systems that rely on a trusted third party to verify the identity of
Hope this helps,
On Saturday 07 February 2004 08:27 pm, Christopher Nebergall wrote:
> I'm new to your project and have been reading through your docs. The
> following excerpt from your How it works page.
> >The "granting coookie" is protected from tampering by being signed using
> the private key of the login server, and protected from disclosure >by
> being encrypted using the symmetric key shared by the application server
> and the login server.
> Since it sounds like the symmetric key is only known by the application
> server and the login server, what purpose does the public key signing
> serve? Since the cookie was encrypted with a symmetric key which is only
> known by 2 parties isn't that sufficient to ensure that the other party
> must have created it? How else is that cookie used that it becomes
> important that the application server can't alter it? I'm not trying to
> be critical I just don't yet understand your whole security architecture,
> and I'm interested in why you choose certain design decisions.
> pubcookie-dev mailing list
> pubcookie-dev at u.washington.edu
More information about the pubcookie-dev