author | Simo Sorce <simo@redhat.com> | 2015-06-04 15:44:01 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-06-04 16:55:27 -0400 |
commit | a5035f59f3b0293dcf42e5e7b69143bc1eb3281a (patch) | |
tree | 7f42e632d0e2314c13ddf1fb52e24361c04ce9ff /API.md | |
parent | 7e7450a7a20b29d141bc9e189c6fc563a03bb6b9 (diff) | |
Change KEM Parsing to actually check claims
The name ('sub') and the time ('exp') must be checked before letting
the request proceed.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'API.md')
-rw-r--r-- | API.md | 12 |
1 files changed, 7 insertions, 5 deletions
@@ -51,9 +51,9 @@ Format: (flattened/decoded here for clarity) { "protected": { "kid": <public-key-dentifier>, "alg": "a valid alg name"}, - "payload": { "name": <name-of-secret>, - "time": <unix-timestamp>, - ["value": <arbitrary> ]}, + "claims": { "sub": <name-of-secret>, + "exp": <unix-timestamp indicating expiration time>, + ["value": <arbitrary> ]}, "signature": "XYZ...." } Attributes: @@ -65,8 +65,10 @@ Format: - name-of-secret: this repeates the name of the secret embedded in the GET, This is used to prevent substitution attacks where a client is intercepted and its signed request is reused to request a different key. - - unix-timestamp: used to limit replay attacks - Additional payload attributes may be present, for example a 'value'. + - unix-timestamp: used to limit replay attacks, indicated expiration time, + and should be no further than 5 minutes in the future, with leway up to 10 + minutes to account for clock skews + Additional claims may be present, for example a 'value'. The Message for a GET reply or a PUT is a JWS Encoded message (see above) nested in a JWE Encoded message: |
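Review bot: In the first hunk (@@ -51,9 +51,9), renaming the top-level member from "payload" to "claims" makes the documented format diverge from the JWS JSON serialization, where the member is named "payload" and the claims are its decoded content. Since the block is labelled "flattened/decoded here for clarity", consider keeping "payload" as the member name and stating that it decodes to a claims set containing 'sub' and 'exp'. The switch from "name"/"time" to "sub"/"exp" also changes what a client must send, and API.md does not say whether requests using the old attribute names are rejected; a sentence on that would help implementers.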
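Review bot: In the second hunk (@@ -65,8 +65,10), the new 'exp' description does not state the rule the commit message calls mandatory: it says the value "should be no further than 5 minutes in the future" but never says that a request whose 'exp' is already in the past must be rejected, and it leaves open whether the leeway of "up to 10 minutes" is added to the 5 minutes or is the total bound. Suggest spelling out both comparisons against server time with "must", and fixing "indicated" and "leway" while there. The attribute list also still uses the labels name-of-secret and unix-timestamp without tying them to the 'sub' and 'exp' keys introduced in the format block, so naming the claim in each bullet would remove the guesswork.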