openid / connect / issues / #301 - Messages - Inconsistent statements about mitigating replay attacks — Bitbucket

Issue #301 resolved

Michael Jones created an issue 2011-11-17

"nonce" is defined as "A random, unique string value used to mitigate replay attacks." (3 times!)

But then later, the spec says "The Client SHOULD check the nonce value for replay attacks. Replay attack mitigation is out of scope for this specification." (2 times!)

Are we mitigating replay attacks or not?

Comments (4)

Nat Sakimura
- assigned issue to
  
  Michael Jones
- changed status to open
- 2011-11-18T00:01:39+00:00
Nat Sakimura
- assigned issue to
  
  John Bradley
- 2011-11-18T00:05:53+00:00
Michael Jones reporter
- assigned issue to
  
  Michael Jones
Delete the sentence: Replay attack mitigation is out of scope for this specification. Add "The precise method used for detecting replay attacks using the nonce is client specific."
- 2011-12-03T02:52:32+00:00
Michael Jones reporter
- changed status to resolved
Fix ~~#301~~ Messages - Inconsistent statements about mitigating replay attacks. Also corrected the fix to ~~#386~~.

→ 513ba16ab467
- 2011-12-07T22:50:36+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!