[AFS3-std] Re: tokens for bosserver

Andrew Deason adeason@sinenomine.net
Mon, 18 Feb 2013 13:29:44 -0600


On Mon, 18 Feb 2013 10:46:09 +0000
Simon Wilkinson <simon@sxw.org.uk> wrote:

> It's the whole RX abort problem again - errors in the RX
> challenge/response are conveyed by means of RX aborts, which are
> unprotected. So an attacker can cause security connection
> establishment to fail with whatever error code they like. This means
> that where there is a choice (of mechanisms, or of keys) an attacker
> can force the connection to proceed using the a configuration of their
> choosing. Relying on this for key negotiation opens us up to a
> downgrade attack.

Downgrade... to what? In what I described, if an attacker injects an
error when we try to negotiate using afs3-bos@host, the client may try
afs-rxgk@_afs.cell, which will then fail (with or without the attacker
doing anything). So, where's the issue in that?

Alternatively, the client can decide what to use based purely on the
existence of the afs3-bos@host identity, but from the above alone, that
unnecessarily restrictive.

-- 
Andrew Deason
adeason@sinenomine.net