- From: Mike Just <Mike.Just@entrust.com>
- Date: Tue, 27 Nov 2001 11:32:44 -0500
- To: "'www-xkms-ws@w3c.org'" <www-xkms-ws@w3c.org>
Received on Tuesday, 27 November 2001 11:33:31 UTC
I don't think you need an authenticated request, just an authenticated
response that contains the relevant portions from the request. If a client
sends a Validate request with cert X, the client can store cert X until the
authenticated response is returned. If the response contains sufficient
information from the request, such as the requested cert X, then upon
receipt of the response, the client can indeed check that the returned
certificate matches their stored certificate. If an attacker were to modify
the request to include cert Y, then the client would detect this since the
response would include cert Y (where the client expected cert X).
Mike
It is important to note in the security considerations section that the
scenario Mike is talking about is only secure if you have authenticated
requests and responses. Otherwise Alice can request status of cert X and
mallet substitute cert Y in the request to get a 'valid' back.
Phill
Received on Tuesday, 27 November 2001 11:33:31 UTC