67ef84a1b4fda7219bd122005654988e5e3561e6 - release.go.x.ref

commit	67ef84a1b4fda7219bd122005654988e5e3561e6	[log] [tgz]
author	Suharsh Sivakumar <suharshs@google.com>	Fri Feb 13 13:04:44 2015 -0800
committer	Suharsh Sivakumar <suharshs@google.com>	Fri Feb 13 13:05:08 2015 -0800
tree	db7477cb6aff8c925b39f7d43728dc087059278b
parent	37758d2f58a095a9c41c4daa819a7373d3b2c284 [diff]

veyron/tools/principal: Fix possible man in the middle attack by having
the principal tool check the public key of the server.

There is a potential man in the middle attack when the principal tool
makes the final RPC to exchange the macaroon for a Blessings.
This CL fixes this by having the identity server send the PublicKey of
the Principal at the server along with the macaroon. The principal tool
then checks that the PublicKey in the RemoteBlessings matches the previously
sent PublicKey.

Change-Id: I68028af810280c0107c7ccf4ff70a50710696032

runtimes/google/ipc/client.go[diff]
services/identity/oauth/handler.go[diff]
tools/principal/bless.go[diff]
tools/principal/main.go[diff]

4 files changed

tree: db7477cb6aff8c925b39f7d43728dc087059278b

lib/
profiles/
runtimes/
security/
services/
tools/