Comments on draft-bradner-pbk-frame-04.txt

There is an "initial leap of faith" about the pseudonymous identity
since it has no parties, other than the issuer, vouching for it, and
though only the issuer holds the private key, a man-in-the-middle
attacker may appear to hold and use the identity without good care
being taken in a protocol design that makes use of PBK. Therefore,
the designer of such a protocol should be aware of this risk and
include a challenge-response confirmation step. The challenge-
response step should have the property of needing the private key for
decryption and include a nonce.

The "good care" part could easily be misconstrued that a good use of PBK
could prevent MiTM. Does it make sense to add some more detail here
saying that careful use of PBK requires trying to minimize the set
of nodes who can succeed as MiTM?

(I think attackers that can see the packets between the communicating
peers can be a MiTM no matter what care is taken - this is a result
of the leap of faith.)

Perhaps the believed residual threats ("believed" because this is not
a complete protocol proposal that can be carefully analyzed) should be stated
in the security considerations - the believed ability to limit MiTM to
nodes that can see the nonces being exchanged.

Erik
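
The challenge-response step quoted from the draft, and the residual risk raised in the comment, as an added example that is not part of the original message or of the draft. It assumes a verifier that pins the first public key it is shown and a responder that returns the decrypted nonce; the names and the toy textbook RSA (Mersenne-prime moduli, no padding) are constructed for illustration and are not secure.

```python
import secrets

E = 65537  # public exponent shared by both constructed key pairs


def keypair(p, q):
    """Textbook RSA from two known primes. Toy only: no padding, weak primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


class Verifier:
    """Pins the first key it is shown (the leap of faith), then challenges it."""

    def first_contact(self, pub):
        self.pinned = pub  # no third party vouches for this key

    def challenge(self):
        n, e = self.pinned
        self.nonce = secrets.randbelow(n - 2) + 2  # fresh nonce per challenge
        return pow(self.nonce, e, n)  # only the private-key holder can decrypt

    def check(self, response):
        return response == self.nonce


def respond(priv, ciphertext):
    """Responder side: decrypt the challenge and return the nonce."""
    n, d = priv
    return pow(ciphertext, d, n)


def run(presented_pub, responder_priv):
    """One first contact plus one challenge-response round; True if accepted."""
    v = Verifier()
    v.first_contact(presented_pub)
    return v.check(respond(responder_priv, v.challenge()))


# Constructed sample keys: the issuer, and some other node on the path.
ISSUER_PUB, ISSUER_PRIV = keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    # Issuer's key pinned, issuer answers: accepted.
    print("issuer answers:", run(ISSUER_PUB, ISSUER_PRIV))
    # Issuer's key pinned, a node without the private key answers: rejected.
    print("other node answers:", run(ISSUER_PUB, OTHER_PRIV))
    # Key replaced before pinning: the check passes, so it cannot detect this.
    print("substituted at first contact:", run(OTHER_PUB, OTHER_PRIV))
```

The third case is the leap of faith itself: the challenge only confirms possession of the private key matching whatever key was pinned.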