[pubcookie-dev] Why is the Public Key used?

[Lawrence Greenfield]

I don't believe the public key signing of the granting cookie serves
any additional security over using the symmetric key to both encrypt
and authenticate (with, say, an HMAC).

That said, the current pubcookie security module (security_legacy) was
constructed to be carefully backwards compatible with older pubcookie
systems. It was also designed so that it could be replaced.

I think a new module that used AES and SHA-1 with only symmetric
operations would be perfectly acceptable and would reduce the
computational burden. I have trouble evaluating the cost/benefit
tradeoffs of creating such a module, though.

Larry

   From: "Christopher Nebergall" <ct-nebergall at wiu.edu>
   Date: Sat, 7 Feb 2004 23:27:29 -0700

   I'm new to your project and have been reading through your docs.  The
   following excerpt from your How it works page.
   http://pubcookie.org/docs/how-pubcookie-works.html

   >The "granting coookie" is protected from tampering by being signed using
   the private key of the login server, and protected from disclosure >by being
   encrypted using the symmetric key shared by the application server and the
   login server.

   Since it sounds like the symmetric key is only known by the application
   server and the login server, what purpose does the public key signing serve?
   Since the cookie was encrypted with a symmetric key which is only known by 2
   parties isn't that sufficient to ensure that the other party must have
   created it? How else is that cookie used that it becomes important that the
   application server can't alter it? I'm not trying to be critical I just
   don't yet understand your whole security architecture, and I'm interested in
   why you choose certain design decisions.

   Thanks,
   Christopher


   _______________________________________________
   pubcookie-dev mailing list
   pubcookie-dev at u.washington.edu
   http://mailman.u.washington.edu/mailman/listinfo/pubcookie-dev