On Tue, Oct 4, 2011 at 12:46 AM, Thomson, Martin <[email protected]> wrote: > On 2011-10-04 at 13:53:53, Phillip Hallam-Baker wrote:
>> The content type is essential meta-data if the digest is going to be >> used to create a strong reference to the specified content. Otherwise >> the attacker can repurpose an image/jpeg as application/script. This >> works much better than it should because most processors simply ignore >> content they don't understand and helpfully try to resynchronize. > > You aren't making the world a less safe place if you leave the problem alone. > Or have I missed something. What makes this scheme any worse for the > attack, other than its inherent opacity? The use case there is creating a strong reference from a https page to a plain http one. In that case there is an issue. It is a real attack and an increasingly serious one. But the issue is moot since DECADE requires the ability to select between locators so that it gets one with a content type it has a codec for. > Regarding de/encryption keys: Is it really the case that you need to decrypt > before calculating the digest? Excuse my ignorance, but for a file store, I > would have thought that encryption would want to come before storage. There are pros and cons for the order of operations wrt encryption and authentication. The ideal is actually authenticate (encrypt (content + authenticate (content))) For our application I think it is pretty clear that the digest would need to be of the plaintext. I don't like revealing any info on the plaintext. I will correct that. -- Website: http://hallambaker.com/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
