pleroma.debian.social

pleroma.debian.social

Liberal: *through sobs* you can't just say everything is a bearer token.... Please....
Me: *points at Kerberos flying past* bearer token

This is very niche on multiple axes, it's ok if you don't get it

@mjg59 actually could you explain what "bearer" means when talking about tokens? Is it just any opaque token used for auth? If so, what's so unexpected about Kerberos tickets being "bearer tokens"?

@bugaevc Any object that is sufficient to prove your identity merely by having possession of it - and no it's not surprising that kerberos tickets fall into that, but people often don't think of them that way

@mjg59 *gestures at token-granting token*

@mjg59 @bugaevc nitpicking, I'd say it's something that shows you are authorised to do something regardless of your identity, like the (fictional) letters of transit in Casablanca or the Cardinal's carte-blanche in the Three Musketeers. ("It is by my order and for the good of the state that the bearer of this has done what he has done.")

@mjg59 @bugaevc by that logic, an SSH keypair is also a bearer token?

@grawity @bugaevc If you have everything needed to sign challenged then the difference seems semantic rather than meaningful

@mjg59 @bugaevc imo it makes the whole term "bearer token" meaningless when described like that, since then what is left that isn't a bearer token? [points at a smartcard] yeah I guess that's a bearer token as well

(the usual definition I've been using was that if the *whole thing* is sent to the peer (allowing it to be easily "re-possessed"), e.g. a cookie or literally an "Authorization: Bearer foobar=", then it's a bearer token, whereas if only some of it is sent but part of it remains secret to the possessor – be it an RSA private key to make signatures with, or a Kerberos ticket's session key to make authenticators with – then it's not a bearer token in my view)

@grawity @bugaevc But what's the difference? You steal a thing and just send it directly, you steal a thing and you perform an operation on it, what's the distinction from a threat perspective?

@mjg59 @bugaevc being able to isolate the thing, like TPMs and gss-proxy and ssh-agent and LSASS and factotum, which is straight up impossible in the case of "sending it directly", but is at least in theory possible in the case of "performing an operation"... i.e. the client doesn't necessarily *bear* the thing

(I'm wondering if we'll eventually see any sort of Linux equivalent of hypervisor-based LSASS isolation; would be neat to have ssh-agent running where the host kernel can't access it. is that the sort of thing that "confidential VMs" can in theory allow?)

@mjg59 But do they travel around in a ring topology?

@armb
A share certificate 🙂
@mjg59 @bugaevc
replies
0
announces
0
likes
0