[SERVER-28623] Change TimeProofService::getProof/checkProof to include keyId Created: 04/Apr/17  Updated: 29/Jan/18  Resolved: 08/May/17

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: 3.5.5
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Randolph Tan Assignee: Randolph Tan
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Sharding 2017-05-29
Participants:

 Description   

misha.tyulenev got this idea to include the keyId in the HMAC computation, and this will make it harder for a malicious client to spoof the keyId.



 Comments   
Comment by Misha Tyulenev [ 07/Apr/17 ]

I'm trying to find out which scenario will benefit from this approach.
The key needs to be looked up before validation and it should match the keyId:

  • So if the keyId is wrong or gives the wrong key, the proof cannot be validated.
  • Conversely, if the keyId is right, the proof will be validated anyway.
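
The two cases in the comment above, as an added example that is not MongoDB's code and not part of the ticket: a verifier that looks the key up by the client-supplied keyId, with and without the keyId bound into the HMAC input. The function signatures, HMAC-SHA256, the 64-bit encodings and the key values are assumptions made for illustration; the example also goes one step beyond the comment by including a store where two keyIds share the same key material.

```python
import hashlib
import hmac
import struct

# Constructed key stores (hypothetical values): keyId -> key material.
KEYS = {1: b"\x01" * 32, 2: b"\x02" * 32}
SHARED_KEYS = {1: b"\x01" * 32, 2: b"\x01" * 32}  # two ids, one key


def get_proof(keys, key_id, cluster_time, bind_key_id):
    """MAC the time with the key named by key_id; optionally bind key_id too."""
    msg = struct.pack("<Q", cluster_time)
    if bind_key_id:
        msg += struct.pack("<q", key_id)
    return hmac.new(keys[key_id], msg, hashlib.sha256).digest()


def check_proof(keys, key_id, cluster_time, proof, bind_key_id):
    """Look the key up by the client-supplied key_id, then verify the MAC."""
    if key_id not in keys:
        return False
    expected = get_proof(keys, key_id, cluster_time, bind_key_id)
    return hmac.compare_digest(expected, proof)


def spoof_outcomes(keys, bind_key_id, cluster_time=1491523200):
    """Proof is made with keyId 1; return (accepted as keyId 1, accepted as keyId 2)."""
    proof = get_proof(keys, 1, cluster_time, bind_key_id)
    return (
        check_proof(keys, 1, cluster_time, proof, bind_key_id),
        check_proof(keys, 2, cluster_time, proof, bind_key_id),
    )


if __name__ == "__main__":
    for name, store in (("distinct keys", KEYS), ("shared key", SHARED_KEYS)):
        for bind in (False, True):
            print(name, "bind_key_id=%s" % bind, spoof_outcomes(store, bind))
```

With distinct keys per keyId, both variants accept the honest keyId and reject the swapped one, which matches the two bullets in the comment. The variants differ only for the shared-key store, where the unbound proof is accepted under either keyId.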