[openscreenprotocol] [Auth] Revisiting a previously established session from nigelcearnshaw via GitHub on 2018-10-04 (public-webscreens@w3.org from October 2018)

From: nigelcearnshaw via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 Oct 2018 15:22:45 +0000
To: public-webscreens@w3.org
Message-ID: <issues.opened-366843716-1538666564-sysbot+gh@w3.org>

nigelcearnshaw has just created a new issue for https://github.com/webscreens/openscreenprotocol:

== [Auth] Revisiting a previously established session ==
These comments relate to the authentication discussion of the open screen protocol. In particular I wanted to comment on revisiting a previously established session discussion from the [last F2F meeting](https://www.w3.org/2018/05/17-webscreens-minutes.html#x09).

One discussion was around reconnection and whether a new session PAKE is needed. Specifically, the question of whether “if we use self-signed certificates, does that mean the verification of the certificate can be omitted? if J-PAKE is used for authentication”

Two things here. Verification (challenge) that the receiver has the corresponding private key and verification that the key is exclusive to that receiver and is not on many devices or on a website somewhere.

If J-PAKE were used to authenticate and provide a confidential channel, then I can see a self-signed certificate could then be received as payload through the J-PAKE channel and kept as a token ’Root’ associated with the receiver. After the PAKE tear down a TLS session could then be established with this now 'trusted' public key. This assumes the device is trusted to deliver a cert that relates to its *exclusive* private key - that this isn’t just a first step in an attack spreading a shared key aimed at subsequent sessions. So there may be a need to have a CA to certify the key is bound to a device -which perhaps defeats the motivation for PAKE

If TLS has been established using trusted device-model scoped certs then you still have to authenticate the specific device – so a password share + PAKE confirmation is still necessary. If we can’t be sure the communication is *exclusively* to the device with TLS, the TLS is of little value.

If TLS has been set up 'blindly' using untrusted certs to a receiver, then PAKE should be used to test the shared password (through the TLS Secure Channel) and set up an inner secure channel.


Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/issues/112 using your GitHub account

Received on Thursday, 4 October 2018 15:22:47 UTC