[openscreenprotocol] [Auth] Trusted Displays

nigelcearnshaw has just created a new issue for https://github.com/webscreens/openscreenprotocol:

== [Auth] Trusted Displays ==
These comments relate to the authentication discussion of the open screen protocol. In particular I wanted to comment on the trusted displays discussion from the [last F2F meeting](https://www.w3.org/2018/05/17-webscreens-minutes.html#x09).

>Presentation API assumes the device is trusted. device could be compromised or impersonated on the network
>… we need to verify the identity before exchanging information”

Agree, a password usually belongs to a user and is pre-shared with the service or is an ephemeral input to a pair of devices. It cannot help in determining whether the device is to be trusted with the presentation (e.g., won’t store and forward), that has to come from the manufacturer?

If the scheme incorporates a transition from PAKE to self-signed certificate it seems important to know that the cert is ‘honest’ and that the receiver isn’t subverting the process by presenting a compromised key. This is hard because if we have a means to certify a device compliance we should have incorporated it into the whole protocol anyway.

Trusted devices have to be certified as compliant by someone (manufacturer?) and somehow be recognised as such on the wire, e.g, have public + private keys and cert - with known root.  This is difficult to coordinate. It may be that the device is generally known to be trusted within the LAN by nature of its model/spec and then has to be nominated ‘in the room’ by typing in a password, then authenticated as being ‘that device’ over the network using a PAKE protocol. 

I suppose this is just observing that for robust end to end trust the integrity of the device is a critical factor. 




Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/issues/114 using your GitHub account

Received on Thursday, 4 October 2018 15:39:25 UTC