[openscreenprotocol] [Auth] Certificates and devices

nigelcearnshaw has just created a new issue for https://github.com/webscreens/openscreenprotocol:

== [Auth] Certificates and devices ==
These comments relate to the authentication discussion of the open screen protocol. In particular I wanted to comment on the devices and their certificate discussion from the [last F2F meeting](https://www.w3.org/2018/05/17-webscreens-minutes.html#x09).

There is a discussion in the meeting notes: 

> an area for exploration, with hardware backed certificates, show device number as trusted information in the UI. we could eventually find a way for trusted manufacturer public keys to be incorporated

> … another idea that could be explored is generating new certificates when changing the friendly name of the device. it's about the integrity of the information we display to the user

Although the device number from a trusted device is a truth, anybody can produce a cert with any ID as the subject (if there is no root CA then there is no trusted assertion of the key-to-ID binding). If an attacker persuades the client to trust the bogus cert - because the subject matches the known ID of the receiver in the same room, the controller will authenticate with unknown receivers. IDs cannot be proxies for public keys. Perhaps receivers need to have their public keys stamped on the front?

If there is a trusted common root CA and device-specific certificate, then TLS almost wins anyway. Authentication of the specific physical device just needs a quick visual test through the channel before any confidential data. (I suppose the equivalent step in SSL is the check that the DNS domain matches the certificate subject.)

> is there a way for a controller and receiver to agree on the mechanism to use for passcode exchange (e.g, QR code, NFC, or other mechanisms)?

> … it could enable the receiver to choose which UI to present

This looks a bit like the Wi-Fi Alliance Device Provisioning Protocol 1.0 which seems to enable all of these. See https://www.wi-fi.org/discover-wi-fi/specifications


Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/issues/113 using your GitHub account

Received on Thursday, 4 October 2018 15:29:47 UTC
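
The point in the issue that an ID cannot stand in for a public key, shown as an added example (not part of the original issue and not Open Screen Protocol code): two self-signed certificates carry the same device ID, and only a check against the key itself tells them apart. The device ID `RECEIVER-0001`, the function names and the choice of a SHA-256 hash of the SubjectPublicKeyInfo as the out-of-band pin are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a self-signed cert; with no CA, the issuer picks any subject it likes.
func selfSigned(deviceID string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: deviceID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin hashes the SubjectPublicKeyInfo, so it names the key rather than the claimed ID.
func spkiPin(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// check reports the ID-only result next to the key-bound result for the same certificate.
func check(c *x509.Certificate, wantID, wantPin string) (subjectOK, pinOK bool) {
	return c.Subject.CommonName == wantID, spkiPin(c) == wantPin
}

func main() {
	const id = "RECEIVER-0001"    // constructed sample device number
	genuine, _ := selfSigned(id)   // the receiver the user means to pair with
	lookalike, _ := selfSigned(id) // unrelated key presenting the same ID
	pin := spkiPin(genuine)        // assumed to be learned out of band, e.g. printed on the device
	gs, gp := check(genuine, id, pin)
	ls, lp := check(lookalike, id, pin)
	fmt.Println("genuine:   subject", gs, "pin", gp)
	fmt.Println("lookalike: subject", ls, "pin", lp)
}
```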