[ticker-dev] ticker-3.0 spec - Replace on Message ID ( Keys ??)

[Ian Lister]

On Tue, 9 Apr 2002, David Arnold wrote:
>you can send a new key in a message "authenticated" by a key from the
>previous sequence.

Ah yes. It's not just rekeying that's susceptible to this kind of attack
(essentially a form of man-in-the-middle); every message can have its
hash taken and reused so you end up with two valid-looking replacements
for the same message.

>  Ian> You don't need to do it out of band. You just send your public
>  Ian> key with your messages and consumers can verify that subsequent
>  Ian> messages were signed by an entity holding the same private key
>  Ian> as that which signed the first message.
>
>does this actually get you any greater confidence than using a
>producer-scheme key?  in both cases, all it proves is that the message
>sender(s) had access to the same private key?

Yes, it allows you to verify invidual producers, as opposed to just
verifying that the producer is in the (possibly rather large or even
infinite) set of producers permitted to send notifications that match a
particular subscription.

>  Ian> I may be happy to receive it, but not necessarily for it to
>  Ian> destroy or cause another message to be obscured.
>
>i think that is less a security issue and more a GUI/policy issue.

No, I definitely think it's a security issue. There's no point in having
this mechanism if the original message isn't at least obscured in some
manner, but as soon as you allow messages to replace others without
appropriate security measures (where I believe `appropriate' means more
than just making sure the producer has rights to send to you) you have a
potential attack.

Ian