Re: [jose] DISCUSS: Nonce/Timestamp parameter

Stephen Kent <kent@bbn.com> Tue, 28 August 2012 04:27 UTC

Message-ID: <503C48A2.2040702@bbn.com>
Date: Tue, 28 Aug 2012 00:27:14 -0400
From: Stephen Kent <kent@bbn.com>
To: jose@ietf.org
References: <CE8995AB5D178F44A2154F5C9A97CAF402517E00B8B5@HE111541.emea1.cds.t-internal.com> <CE8995AB5D178F44A2154F5C9A97CAF402517E00C0E7@HE111541.emea1.cds.t-internal.com> <8777DAED-4ADA-4691-B5CD-0E5CF308BC1C@gmail.com> <CALT9B_Tnz+9=a-NPuUTeSb31fFMi1cJMB-SeM7QJmSh=XrhHTA@mail.gmail.com>
In-Reply-To: <CALT9B_Tnz+9=a-NPuUTeSb31fFMi1cJMB-SeM7QJmSh=XrhHTA@mail.gmail.com>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter

Brian,

...

Nonce alone can't be implemented efficiently.  You have to have time 
stamps as well, otherwise you are stuck storing every nonce you've ever 
seen, forever.

In general how long one needs to retain a nonce depends on how the nonce 
is used. But I agree that using timestamps plus nonces together helps.

Steve
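The bounded-storage point made in this message, as an added example that is not from the thread or from any JOSE implementation: a replay cache that remembers a nonce only for as long as its timestamp is within the freshness window, so storage is bounded by message rate times window instead of growing forever. The header parameter names `iss`, `nonce` and `timestamp` are assumed for illustration; the actual names were still under discussion on the list.

```python
import time

WINDOW = 300          # seconds a message timestamp is accepted for
MAX_CLOCK_SKEW = 60   # tolerated sender clock drift into the future


class ReplayCache:
    """Remember (issuer, nonce) pairs only while their timestamp is fresh.

    A nonce-only scheme must keep every nonce ever seen, because a replay
    could arrive at any later time. With a timestamp, anything older than
    WINDOW is rejected by the freshness check alone, so those nonces can be
    forgotten and the cache stays bounded by (message rate x WINDOW).
    """

    def __init__(self, window=WINDOW, skew=MAX_CLOCK_SKEW, clock=time.time):
        self.window, self.skew, self.clock = window, skew, clock
        self.seen = {}  # (issuer, nonce) -> timestamp

    def check(self, header):
        """Return 'ok' or a rejection reason for a JOSE-style header dict.

        'iss', 'nonce' and 'timestamp' are assumed parameter names.
        """
        now = self.clock()
        try:
            iss, nonce, ts = header["iss"], header["nonce"], int(header["timestamp"])
        except (KeyError, TypeError, ValueError):
            return "missing-or-malformed"
        # Drop entries whose timestamp has aged out; a replay carrying such a
        # timestamp would fail the freshness test below regardless.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        if ts > now + self.skew:
            return "future"
        if now - ts > self.window:
            return "stale"
        key = (iss, nonce)        # nonce uniqueness is scoped per issuer
        if key in self.seen:
            return "replay"
        self.seen[key] = ts
        return "ok"


if __name__ == "__main__":
    cache = ReplayCache()
    hdr = {"iss": "issuer-a", "nonce": "constructed-nonce-1", "timestamp": int(time.time())}
    print(cache.check(hdr), cache.check(hdr))  # prints "ok replay"
```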