From a5035f59f3b0293dcf42e5e7b69143bc1eb3281a Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 4 Jun 2015 15:44:01 -0400
Subject: Change KEM Parsing to actually check claims

The name ('sub') and the time ('exp') must be checked before letting
the reuqest proceed.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 API.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'API.md')

diff --git a/API.md b/API.md
index aff7ba2..eb78581 100644
--- a/API.md
+++ b/API.md
@@ -51,9 +51,9 @@ Format:
  (flattened/decoded here for clarity)
   { "protected": { "kid": <public-key-dentifier>,
                    "alg": "a valid alg name"},
-    "payload": { "name": <name-of-secret>,
-                 "time": <unix-timestamp>,
-                 ["value": <arbitrary> ]},
+    "claims": { "sub": <name-of-secret>,
+                "exp": <unix-timestamp indicating expiration time>,
+                ["value": <arbitrary> ]},
     "signature": "XYZ...." }
 
  Attributes:
@@ -65,8 +65,10 @@ Format:
  - name-of-secret: this repeates the name of the secret embedded in the GET,
  This is used to prevent substitution attacks where a client is intercepted
  and its signed request is reused to request a different key.
- - unix-timestamp: used to limit replay attacks
- Additional payload attributes may be present, for example a 'value'.
+ - unix-timestamp: used to limit replay attacks, indicated expiration time,
+ and should be no further than 5 minutes in the future, with leway up to 10
+ minutes to account for clock skews
+ Additional claims may be present, for example a 'value'.
 
  The Message for a GET reply or a PUT is a JWS Encoded message (see above)
  nested in a JWE Encoded message:
-- 
cgit