1 Reply Latest reply on Apr 5, 2010 12:19 AM by Michael Thornburgh

    Secure nonces in rtmfp?

    satheeshpallath12 Level 1

      Hi,

       

      I read that using the Stratus service for endpoint authentication, SECURE NONCES are used. What is the nonce in RTMFP?

      Is the peer ID assigned by Stratus? Are the 'endpoints' Flash Player endpoints or the FP-Stratus connection?

       

      If 2 persons connect to Stratus using 2 developer keys, can they talk to each other?

       

      Ad.thanx


         
        • 1. Re: Secure nonces in rtmfp?
          Michael Thornburgh Adobe Employee

          RTMFP communications are fundamentally point-to-point unicast sessions.  an "endpoint" is one of the communicating entities of a point-to-point session; for example, a NetConnection in a Flash Player or AIR application, or an instance on a server such as Stratus.

           

          each endpoint generates its own peerID based on its randomly chosen cryptographic credentials.  the peerIDs generated by Flash Player and AIR applications are cryptographically pseudorandom, unique, unguessable and unforgeable.

           

          the secure nonces are private (secret), unique, unguessable and unforgeable strings shared by two communicating endpoints.  they are derived from the Diffie-Hellman shared secret that the pair of communicating endpoints negotiate at the beginning of their communications.  they are exposed in ActionScript so that they may be used as cryptographic challenges in a higher-level cryptographic authentication system that you create, without requiring an additional round-trip to exchange them yourself.  the secure nonces you share with peer A will always be different than the ones you share with peer B.  while peerIDs can be observed by passive inspection of network traffic, the secure nonces are private to the two communicating parties unless one party divulges them.

           

          at this time, any two parties connected to Stratus can communicate with each other even if each connects with a different developer key.  however, this behavior is not guaranteed and may change in the future.
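
An added example, not part of the reply above and not Adobe's code: one way to use the secure nonces as challenges in a higher-level authentication scheme, written in Python rather than ActionScript so it runs offline. It assumes the two applications already share a key, that one end's near nonce is the other end's far nonce, and it uses constructed random bytes in place of real session nonces; `Session`, `make_pair`, `prove` and `verify` are hypothetical names.

```python
import hashlib
import hmac
import os


class Session:
    """One end's view of a session: the two secure nonces it sees."""
    def __init__(self, near_nonce: bytes, far_nonce: bytes):
        self.near_nonce = near_nonce  # chosen by this end
        self.far_nonce = far_nonce    # chosen by the other end


def make_pair():
    """Both views of one session, built from constructed random nonces."""
    a, b = os.urandom(32), os.urandom(32)
    return Session(a, b), Session(b, a)


def prove(key: bytes, s: Session) -> bytes:
    """Prover: MAC the verifier's nonce (our far nonce) first, then our own."""
    msg = b"auth-v1" + s.far_nonce + s.near_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, s: Session, tag: bytes) -> bool:
    """Verifier: rebuild the same message from its own view of the session."""
    msg = b"auth-v1" + s.near_nonce + s.far_nonce
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    key = os.urandom(32)          # assumed pre-shared application key
    a, b = make_pair()            # direct session between A and B
    a2, m1 = make_pair()          # A talking to an intermediary M
    m2, b2 = make_pair()          # M talking to B: different nonces
    return {
        "direct": verify(key, b, prove(key, a)),
        "relayed": verify(key, b2, prove(key, a2)),    # proof from another session
        "reflected": verify(key, a, prove(key, a)),    # own proof echoed back
        "wrong_key": verify(os.urandom(32), b, prove(key, a)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the nonces differ for every pair of endpoints, a proof computed for one session does not verify in any other, which is what makes them usable as challenges without an extra round trip.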