Re: auth handshake and rendevouz objects

[Niels Möller]

Tom Hart <address@hidden> writes:

> I'm sure I'm being stupid, here, but is there any way that A can
> return a digitally-signed token to B, so that the protocol becomes:

You can use cryptography. You don't need any public-key cryptography,
though. Let S have a random secret key K which it keeps to itself
(generated at process startup, so it need not be stored anywhere, or
ever transferred).

1.   A->S:      I want to give handle x to B.
2.   S<-A:      Here's a token T. S computes T as
                <A, B, S, x, HMAC-SHA1(key, A, B, S, x>
3.   A->B:      Please use this token T to get the handle x.
4.    B->S:     Please give me a handle in return for this token.
5.    S->B:     Ok. (After verifying the MAC and contents):
6.   B->A:      Thanks. Got it now.

And as Markus said, you can replace the HMAC with just a sufficiently
large random number, if you put some more state in S. Another tricky
detail is that with this scheme, you can't reuse the values of x, and
if it's possible that x ever rolls over, S needs to generate a new key
before that happens.

But using crypto is certainly possible, but it's also overkill for
this problem.

/Niels