From 01e220d0553692048b06745cb7e7189403c576cf Mon Sep 17 00:00:00 2001 From: sp0001 Date: Thu, 19 Sep 2024 18:23:41 +0200 Subject: [PATCH] Fixed typos --- draft-irtf-cfrg-cpace.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-irtf-cfrg-cpace.md b/draft-irtf-cfrg-cpace.md index c53b7d4..9b15a6b 100644 --- a/draft-irtf-cfrg-cpace.md +++ b/draft-irtf-cfrg-cpace.md @@ -684,9 +684,9 @@ for applications that do not have a session identifier input available. If unique strings identifying the protocol partners are included either as part of the channel identifier CI, the session id sid or the associated data fields ADa, ADb, the ISK will provide implicit authentication also regarding the party identities. Incorporating party identifier strings is important for fending off relay attacks. -Such attacks become relevant in a setting where several parties, say, A, B and C, share the same password PRS. -An adversary might relay messages from a honest user A, who aims at interacting with user B, to a party C instead. -If no party identifier strings are used and B and C share the same PRS value then A might be using CPace for +Such attacks become relevant in a setting where several parties, say, A, B and C, share the same password PRS. +An adversary might relay messages from a honest user A, who aims at interacting with user B, to a party C instead. +If no party identifier strings are used and B and C share the same PRS value then A might be using CPace for establishing a common ISK key with C while assuming to interact with party B. Including and checking party identifiers can fend off such relay attacks.