>>>>> "Sam" == Sam Hartman <[email protected]> writes:
Sam> As discussed we're looking at having a MIC token in the final message
Sam> that indicates the checksum of everything in the last token.
Sam> Its format currently is
Sam> * DER encoding of the mechanism OID
Sam> * 2 byte outer token type
Sam> Then for each inner token besides the MIC token:
Sam> * 4 byte type
Sam> * value of the token
Sam> In particular, the lengths of the subtokens are not included.
Sam> I think we should either include the lengths in the MIC or have a
Sam> convincing argument why you can't move bytes around between one subtoken
Sam> and other by attacking the lengths.
No, this encoding is not safe. As far as I can tell you can simply
increase the length of one subtoken to cover other subtokens. For
example you could cause a vendor ID to eat some subtoken you didn't like
as an attacker. Other attacks also may be possible.
However I think we need to include the length. I'll write the spec
accordingly and will update the code.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
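
The ambiguity discussed in the message above, as an added example that is not code from the original thread or from the mechanism's implementation: two different subtoken sequences yield the same MIC input when lengths are left out, and distinct inputs once each length is covered. Assumptions: the wire layout (4-byte type, 4-byte big-endian length, value), the OID bytes, the token type numbers, the key, and HMAC-SHA256 as the checksum are all constructed placeholders.

```python
import hashlib
import hmac
import struct

# Constructed placeholders, not values from the GSS-EAP specification.
MECH_OID_DER = bytes.fromhex("06032a0304")   # DER encoding of OID 1.2.3.4
OUTER_TOK_TYPE = 0x0001
TYPE_VENDOR_ID = 0x00000001
TYPE_OTHER = 0x00000002
KEY = b"constructed-session-key"


def parse_wire(wire):
    """Split type(4) | length(4) | value records into (type, value) pairs."""
    tokens, off = [], 0
    while off < len(wire):
        if len(wire) - off < 8:
            raise ValueError("truncated subtoken header")
        ttype, length = struct.unpack_from(">II", wire, off)
        off += 8
        if length > len(wire) - off:
            raise ValueError("subtoken length exceeds buffer")
        tokens.append((ttype, wire[off:off + length]))
        off += length
    return tokens


def mic_input(tokens, include_lengths):
    """Bytes fed to the MIC: OID, outer type, then type [length] value per token."""
    out = MECH_OID_DER + struct.pack(">H", OUTER_TOK_TYPE)
    for ttype, value in tokens:
        out += struct.pack(">I", ttype)
        if include_lengths:
            out += struct.pack(">I", len(value))
        out += value
    return out


def mic(tokens, include_lengths):
    # HMAC-SHA256 stands in for the mechanism's real checksum (assumption).
    return hmac.new(KEY, mic_input(tokens, include_lengths), hashlib.sha256).digest()


def demo():
    sent = (struct.pack(">II", TYPE_VENDOR_ID, 4) + b"ACME"
            + struct.pack(">II", TYPE_OTHER, 4) + b"data")
    # Same payload bytes; first length enlarged, second length field dropped.
    altered = (struct.pack(">II", TYPE_VENDOR_ID, 12) + b"ACME"
               + struct.pack(">I", TYPE_OTHER) + b"data")
    a, b = parse_wire(sent), parse_wire(altered)
    return a, b, mic(a, False) == mic(b, False), mic(a, True) == mic(b, True)
```

`demo()` returns the two parsed token lists followed by whether the MICs match without lengths and with lengths.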