[pubcookie-dev] Why is the Public Key used?
leg+ at andrew.cmu.edu
Mon Feb 16 16:05:01 PST 2004
I don't believe the public key signing of the granting cookie serves
any additional security over using the symmetric key to both encrypt
and authenticate (with, say, an HMAC).
That said, the current pubcookie security module (security_legacy) was
constructed to be carefully backwards compatible with older pubcookie
systems. It was also designed so that it could be replaced.
I think a new module that used AES and SHA-1 with only symmetric
operations would be perfectly acceptable and would reduce the
computational burden. I have trouble evaluating the cost/benefit
tradeoffs of creating such a module, though.
From: "Christopher Nebergall" <ct-nebergall at wiu.edu>
Date: Sat, 7 Feb 2004 23:27:29 -0700
I'm new to your project and have been reading through your docs. The
following excerpt from your How it works page.
>The "granting coookie" is protected from tampering by being signed using
the private key of the login server, and protected from disclosure >by being
encrypted using the symmetric key shared by the application server and the
Since it sounds like the symmetric key is only known by the application
server and the login server, what purpose does the public key signing serve?
Since the cookie was encrypted with a symmetric key which is only known by 2
parties isn't that sufficient to ensure that the other party must have
created it? How else is that cookie used that it becomes important that the
application server can't alter it? I'm not trying to be critical I just
don't yet understand your whole security architecture, and I'm interested in
why you choose certain design decisions.
pubcookie-dev mailing list
pubcookie-dev at u.washington.edu
More information about the pubcookie-dev