On Mon, 18 Feb 2013 10:46:09 +0000 Simon Wilkinson <[email protected]> wrote:
> It's the whole RX abort problem again - errors in the RX > challenge/response are conveyed by means of RX aborts, which are > unprotected. So an attacker can cause security connection > establishment to fail with whatever error code they like. This means > that where there is a choice (of mechanisms, or of keys) an attacker > can force the connection to proceed using the a configuration of their > choosing. Relying on this for key negotiation opens us up to a > downgrade attack. Downgrade... to what? In what I described, if an attacker injects an error when we try to negotiate using afs3-bos@host, the client may try afs-rxgk@_afs.cell, which will then fail (with or without the attacker doing anything). So, where's the issue in that? Alternatively, the client can decide what to use based purely on the existence of the afs3-bos@host identity, but from the above alone, that unnecessarily restrictive. -- Andrew Deason [email protected] _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
