
Re: Authentication codes

From: Tommy Lindberg <tommy.lindberg@gmail.com>
Date: Mon, 9 May 2005 22:05:36 +0100
Message-ID: <18ec59cc05050914054251a784@mail.gmail.com>
To: Frederic DELEON <frederic.deleon@crf.canon.fr>
Cc: www-xkms@w3.org

> Hello,
> I would have a question about shared secrets used as authentication
> code in XKRSS requests and responses.
> In 6.1.1, it is said that in case of registration of client-generated
> key pair, Alice gets the "024837" code from server to authenticate her
> request (the code is used in <KeyBindingAuthentication>). That's ok for me.
> In 6.1.2, it is said that in case of registration of service-generated
> key pair, Bob gets the "3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4" code from
> server and that this code is used (in a key derived form) by server to
> encrypt private key value (and so by client to decrypt it). Is this code
> also used for client request authentication
> (<KeyBindingAuthentication>) before private key generation? Or, do we
> have to use two different codes?

There is some advice in section 10.4 in relation to the use of shared
secrets. The spec does not disallow you from using the same string for all
purposes - we found this convenient during interop. A more secure
configuration would use each secret once only.

> When looking at appendix C,
>   - in C.1.2, for Bob registration authentication key, authentication
> data is "3N9CJ-JK4JK-S04JF-W0934-JSR09-JWIK4"
>   - in C.1.3, for Bob registration private key encryption,
> authentication data is "3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4"
> It's nearly the same, but not the same (one character difference).
> Is it voluntary?

While I didn't select them, I was conscious of the similarity of
the two strings throughout.  This alone does not make them invalid of
course, provided that the corresponding keys differ correspondingly.

Received on Monday, 9 May 2005 21:05:40 UTC
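The point under discussion, that one shared secret string can feed both request authentication and private-key encryption as long as the derived keys differ per purpose, and that two near-identical codes must still yield unrelated keys, can be shown with a small keyed-derivation routine. The example below is added here and is not code from the thread, the XKMS specification or any XKMS implementation. It models the derivation as HMAC-SHA1 keyed by the normalized secret with a single-byte purpose tag as the message; the tag values, the normalization of the human-transcribed code (whitespace and hyphens dropped, upper-cased, UTF-8) and the MAC-over-request-bytes authentication are all assumptions made for illustration, so check the spec's own derivation rules before relying on them for interop.

```python
import hmac
import hashlib

# Purpose tags for domain separation. ASSUMED values for this example:
# the spec's normative derivation, not this file, decides the real bytes.
TAG_AUTHENTICATION = b"\x01"
TAG_ENCRYPTION = b"\x02"

# The two codes quoted in the thread (appendix C.1.2 and C.1.3).
CODE_AUTH = "3N9CJ-JK4JK-S04JF-W0934-JSR09-JWIK4"
CODE_ENC = "3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4"


def normalize_secret(code: str) -> bytes:
    """Turn a human-transcribed code into key bytes.

    ASSUMPTION: whitespace and hyphens are dropped and the remainder is
    upper-cased before UTF-8 encoding, so a user who types the code in lower
    case or without hyphens still derives the same key.
    """
    cleaned = "".join(ch for ch in code if ch not in " -\t\r\n")
    return cleaned.upper().encode("utf-8")


def derive_key(code: str, purpose: bytes) -> bytes:
    """Derive a purpose-specific key from the shared secret.

    Keying HMAC with the secret and feeding the purpose tag as the message
    gives the authentication and encryption keys independent values even when
    the same code string is reused for both (the reuse the reply says the
    spec does not forbid).
    """
    return hmac.new(normalize_secret(code), purpose, hashlib.sha1).digest()


def auth_key(code: str) -> bytes:
    return derive_key(code, TAG_AUTHENTICATION)


def enc_key(code: str) -> bytes:
    return derive_key(code, TAG_ENCRYPTION)


def mac_request(code: str, request_bytes: bytes) -> bytes:
    """MAC over the serialized request with the authentication key.

    Stands in for the <KeyBindingAuthentication> value a client would attach;
    the real element's input and encoding follow the spec, not this helper.
    """
    return hmac.new(auth_key(code), request_bytes, hashlib.sha1).digest()


def verify_request(code: str, request_bytes: bytes, mac: bytes) -> bool:
    """Server-side check, constant-time to avoid leaking where the MAC differs."""
    return hmac.compare_digest(mac_request(code, request_bytes), mac)


def keys_are_distinct(code_a: str, code_b: str) -> bool:
    """True when both codes give distinct keys for every purpose and no key
    collides across purposes, i.e. the condition the reply attaches to using
    similar-looking strings."""
    derived = {auth_key(code_a), enc_key(code_a), auth_key(code_b), enc_key(code_b)}
    return len(derived) == 4


if __name__ == "__main__":
    # Constructed request body standing in for a serialized XKRSS request.
    request = b"<RegisterRequest Id='I1'>...</RegisterRequest>"
    tag = mac_request(CODE_AUTH, request)
    print("auth key (C.1.2):", auth_key(CODE_AUTH).hex())
    print("enc  key (C.1.3):", enc_key(CODE_ENC).hex())
    print("verify genuine request:", verify_request(CODE_AUTH, request, tag))
    print("verify tampered request:", verify_request(CODE_AUTH, request + b" ", tag))
    print("one-character-different codes give distinct keys:",
          keys_are_distinct(CODE_AUTH, CODE_ENC))
```

Because the purpose tag is part of the keyed derivation, reusing one code for both purposes still keeps the authentication key and the encryption key apart; what reuse does cost is that compromise of the code compromises both keys at once, which is why the reply recommends a fresh secret per use where practical.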
