PIDK's propossal text is currently defined in http://www.dcbase.org/wiki/PIDK I'm opening this thread for discussion before I try to get it approved as an official extension.
This extension was intended as a backup mode for the ECID derived keys which will be used later in other extensions (like SUD1) though its usage is not recommended since it can strain the hub when many users are in it (since for each new client it need to compute new keys for all of the clients in the hub). It is also meant as a container to find all the reserved derived keys in a single place.
So, any question/complain?
PIDK PID based keys
Forum rules
If you have an account on the wiki, remember to update the ADC Proposals page for new ideas.
http://dcbase.org/wiki/ADC_Proposals_list
If you have an account on the wiki, remember to update the ADC Proposals page for new ideas.
http://dcbase.org/wiki/ADC_Proposals_list
-
klondike
- Member
- Posts: 73
- Joined: 14 Nov 2010, 13:06
Re: PIDK PID based keys
The hardcoded SALT prevents trivial attacks from being valid on all protocols.[2012-10-12 15:20] <cologic> klondike: well, I'm unsure what my dcbase forum login is (or if I have one) - so I won't respond in a particularly detailed manner since the forum is better for that...
3) "Keys are derived by the use of the HKDF function defined in rfc 5869 with the session hash, the SALT will be set to "ADC PIDK Extension"" - I'm not sure how much value a hardcoded salt adds here.
4) in http://www.dcbase.org/wiki/PIDK it conflates "secure" with "SSL". Which, given that "SSL" stands for "secure sockets layer", is pretty forgiveable. But, still less precise than preferable.
I have fixed secure to be SSL, thanks
