SECDIR Review: Section 10.3 - Indication on "large entropy" and "short lifetime" should be indicated
Issue #28
resolved
Section 10.3 finally mandates authentication of the request source, something that was ambiguous in earlier sections of this document. There are some ambiguous statements here, e.g. “Since Request Object URI can be replayed, the lifetime of the Request Object URI MUST be short and preferably one-time use. The entropy of the Request Object URI MUST be sufficiently large.” The lack of guidance on what constitutes a “short” lifetime or a “sufficiently large” amount of entropy (in a short URI) is worrisome.
Comments (5)
reporter As an input to your discussion with Sascha.
Simple way to resolve:
- Short = 1 min.
- Sufficiently large = 128 bits of cryptographic nonce.
Long answer:
- Short = t sec.
- Regulated access frequency to the URI = n / sec.
- Entropy of the request_uri = y bits
- Accepted probability of success of the attack = p
Then, if (n * t / 2^y) / 2 < p, the combination (n, y) is compliant with the spec.
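As an added worked example (not the reporter's code and not part of the draft), the bound from the comment above implemented next to a minimal issuer-side Request Object URI store that applies the short lifetime, one-time use and 128-bit entropy discussed here; the base URL, request rate and accepted probability in the defaults and tests are assumed values.

```python
import math
import secrets
import time
from typing import Dict, Optional, Tuple

ENTROPY_BITS = 128          # "sufficiently large" per the comment above
DEFAULT_TTL_SECONDS = 60    # "short" per the comment above


def attack_success_bound(n: float, t: float, y: int) -> float:
    """Bound from the comment: (n * t / 2^y) / 2, with n = permitted requests
    per second against the URI endpoint, t = lifetime in seconds, y = entropy bits."""
    return (n * t / 2.0 ** y) / 2.0


def is_compliant(n: float, t: float, y: int, p: float) -> bool:
    """(n, y) is acceptable when the bound stays below the accepted probability p."""
    return attack_success_bound(n, t, y) < p


def min_entropy_bits(n: float, t: float, p: float) -> int:
    """Smallest integer y satisfying the inequality, i.e. y > log2(n*t / (2p))."""
    return max(0, math.floor(math.log2(n * t / (2.0 * p))) + 1)


class RequestUriStore:
    """Constructed issuer-side store: each Request Object URI carries 128 CSPRNG
    bits, expires after ttl seconds, and is deleted on first lookup (one-time use)."""

    def __init__(self, base: str = "https://as.example/ro/", ttl: int = DEFAULT_TTL_SECONDS):
        self._base = base     # assumed endpoint, not one defined by the draft
        self._ttl = ttl
        self._entries: Dict[str, Tuple[str, float]] = {}  # token -> (request object, expiry)

    def issue(self, request_object: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(ENTROPY_BITS // 8)   # 16 random bytes = 128 bits
        self._entries[token] = (request_object, now + self._ttl)
        return self._base + token

    def consume(self, request_uri: str, now: Optional[float] = None) -> Optional[str]:
        """Return the Request Object once, or None if unknown, replayed or expired."""
        now = time.time() if now is None else now
        if not request_uri.startswith(self._base):
            return None
        entry = self._entries.pop(request_uri[len(self._base):], None)  # pop => one-time use
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```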
reporter I added
The adequate shortness of the validity and the entropy of the Request Object URI depend on the risk calculation based on the value of the resource being protected. General guidance for the validity time would be less than a minute, and the Request Object URI is to include a cryptographic random value of 128 bits or more at the time of the writing of this specification.
reporter Re: #28 → <<cset 357af0c886a9>>
reporter - changed status to resolved