Your protocol looks like it would be vulnerable to a replay attack (http://en.wikipedia.org/wiki/Replay_attack), which would act as a DoS on your printer.
To mitigate, you'd need to have something in the signed part of the message that guarantees uniqueness, e.g. a challenge response or a "sequence number" (don't make it strict, just require something that is larger than the previous accepted request from the user).

--
Bruce Clement
Home: http://www.clement.co.nz/
Twitter: http://twitter.com/Bruce_Clement
Directory: http://www.searchme.co.nz/

"Before attempting to create something new, it is vital to have a good appreciation of everything that already exists in this field." Mikhail Kalashnikov
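The sequence-number mitigation described in the message above, as an added example that is not part of the original post. It assumes an HMAC-SHA256 over a JSON body stands in for the protocol's signature; the function names, the field names, the key and the in-memory `$lastSeq` store are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: message layout, names and key handling are assumptions.

// Sender: user, sequence number and job are all inside the signed body.
function sign_request(string $key, string $user, int $seq, string $job): array
{
    $body = json_encode(['user' => $user, 'seq' => $seq, 'job' => $job]);
    return ['body' => $body, 'mac' => hash_hmac('sha256', $body, $key)];
}

// Receiver: verify the MAC first, then require a sequence number larger than
// the last one accepted from that user (gaps allowed, so not strict).
function accept_request(string $key, array $msg, array &$lastSeq): bool
{
    if (!is_string($msg['body'] ?? null) || !is_string($msg['mac'] ?? null)) {
        return false; // malformed message
    }
    if (!hash_equals(hash_hmac('sha256', $msg['body'], $key), $msg['mac'])) {
        return false; // forged or altered message
    }
    $req = json_decode($msg['body'], true);
    if (!is_array($req) || !is_string($req['user'] ?? null) || !is_int($req['seq'] ?? null)) {
        return false; // signed, but not in the expected shape
    }
    if ($req['seq'] <= ($lastSeq[$req['user']] ?? -1)) {
        return false; // replayed or stale request
    }
    $lastSeq[$req['user']] = $req['seq']; // keep in durable storage in practice
    return true;
}

// Constructed sample traffic.
$key = 'constructed-demo-key';
$lastSeq = [];
$first = sign_request($key, 'alice', 1, 'report.pdf');
$later = sign_request($key, 'alice', 5, 'invoice.pdf');
$stale = sign_request($key, 'alice', 3, 'old.pdf');
$tampered = sign_request($key, 'alice', 6, 'memo.pdf');
$tampered['body'] = str_replace('"seq":6', '"seq":9', $tampered['body']);

var_dump(accept_request($key, $first, $lastSeq));    // fresh request
var_dump(accept_request($key, $first, $lastSeq));    // same bytes replayed
var_dump(accept_request($key, $later, $lastSeq));    // gap in numbering
var_dump(accept_request($key, $stale, $lastSeq));    // lower than last accepted
var_dump(accept_request($key, $tampered, $lastSeq)); // seq edited after signing
```

The last-accepted value has to survive restarts of the receiver, otherwise every previously captured request becomes acceptable again.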
