Closed ekr closed 4 months ago
added this to the concrete TLS PL syntax in commit https://github.com/ietf-wg-mimi/draft-ietf-mimi-content/commit/8d4eada51846fa6f31a33e1d701f86ad3471ddf3 Lines 431-432.
Normative text coming in another commit.
Also included in the CBOR syntax.
Submitted draft -03 with this fix.
As specified, the external content mechanism just contains an AEAD key that is used to encrypt the external content. The problem with this design is that it allows any receiver of the message to collude with the storage server to replace the content, because the key is sufficient to create a valid piece of external content.
The fix for this is to have a separate hash of the content in the external content reference; this prevents an attacker from substituting the content.