Don't do token requests for "bad" AUTH methods


For IDTOKENS to work in promiscuous mode, you need an insecure authorization method (bootstrapping a secure method being the whole point of promiscuous mode). Our best practice for this is currently the ANONYMOUS authorization method. However, once the promiscuous-mode window closes, we should stop responding to token-management commands sent via the ANONYMOUS method.

We should probably never respond to token-management commands under CLAIMTOBE.

Luckily, we already check to make sure the reply stream is encrypted, so there’s a natural place to expand the set of checks we do.


Zach Miller
March 19, 2021, 5:14 PM

CODE REVIEW: Looks good.

Zach Miller
February 26, 2021, 7:05 PM

I agree with the conceptual design, have not had a chance to review yet.

Due date


Time remaining



Todd L Miller