Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

digest: let the client know when their authentication attempt is stale #2

Merged
merged 3 commits into from Mar 24, 2020
Merged

digest: let the client know when their authentication attempt is stale #2

merged 3 commits into from Mar 24, 2020

Conversation

mpl
Copy link

@mpl mpl commented Mar 19, 2020

This change is two-fold:

  1. it adds the distinction between two cases that were formerly only one:
  • when nc sent by client is equal to the last nc the server knows about, which is
    a hint of a replay attack)
  • when nc sent by client is inferior to the last nc the server knows about, which
    is probably just because the requests are being received out of order, compared
    to the order they were created.
  1. in the out of order case, it signals the client that the request was authenticated properly, but not in the expected session order, through the use of the stale flag.

See https://tools.ietf.org/html/rfc2617#section-3.2.1

Required for fixing traefik/traefik#4281

@mpl
digest: let the client know when their authentication attempt is stale
4400b4a 
This change is two-fold:

1) it adds the distinction between two cases that were formerly only one:

- when nc sent by client is equal to the last nc the server knows about, which is
a hint of a replay attack)
- when nc sent by client is inferior to the last nc the server knows about, which
is probably just because the requests are being received out of order, compared
to the order they were created.

2) in the out of order case, it signals the client that the request was authenticated properly, but not in the expected session order, through the use of the stale flag.

See https://tools.ietf.org/html/rfc2617#section-3.2.1

Required for fixing traefik/traefik#4281
@mpl mpl added the enhancement New feature or request label Mar 19, 2020
ldez
ldez approved these changes Mar 24, 2020
View reviewed changes
Copy link

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ldez ldez merged commit a37a763 into fork-version-02 Mar 24, 2020
@ldez ldez deleted the stale branch March 24, 2020 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldez ldez ldez approved these changes

@juliens juliens Awaiting requested review from juliens

@jbdoumenjou jbdoumenjou Awaiting requested review from jbdoumenjou

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
2 participants
@mpl @ldez