
Re: WebID, BrowserID and NSTIC

From: Francisco Corella <fcorella@pomcor.com>
Date: Sat, 30 Jul 2011 15:13:17 -0700 (PDT)
Message-ID: <1312063997.79441.YahooMailNeo@web125516.mail.ne1.yahoo.com>
To: Peter Williams <home_pw@msn.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Cc: Karen Lewison <kplewison@pomcor.com>
> > > One difference is that, when you use <KEYGEN>, the browser that
> > > requests the certificate does not demonstrate knowledge of the private
> > > key, whereas in the proposed NSTIC architecture the certificate is
> > > issued by executing an issuance protocol (within the proposed TLS
> > > "server-initiated exchange") where the browser does have to
> > > demonstrate knowledge of the private key.
> http://old.nabble.com/The-%3Ckeygen%3E-element-td22921620.html

Oops!  I thought <KEYGEN> just sent the public key to the server.  I
didn't realize it also sends a signature computed with the associated
private key, which demonstrates knowledge of the private key.  So use
of <KEYGEN> is equivalent to the issuance protocol in the proposed
NSTIC architecture.

(For issuing a credential such as an Idemix anonymous credential or
a U-Prove token, the issuance protocol involves an exchange of several
messages, so something like <KEYGEN> would not work.)

Francisco
Received on Saturday, 30 July 2011 22:13:45 UTC
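
Added example, not part of the original message: a simplified model of the proof-of-possession check discussed above, in which the server certifies a submitted public key only when the request carries a signature over that key and the server's challenge. It uses unpadded textbook RSA over fixed, constructed primes instead of the real <KEYGEN> encoding, and every function name is hypothetical.

```python
import hashlib
import hmac

E = 65537  # public exponent

def make_key(p, q):
    """Textbook-RSA key pair (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(public, challenge):
    """SHA-256 over public key and challenge, as an integer (always < n here)."""
    n, e = public
    data = f"{n:x}|{e:x}|".encode() + challenge
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def client_request(public, private, challenge):
    """Client: submit the public key with a signature over key + challenge."""
    n, d = private
    return {"public": public, "challenge": challenge,
            "signature": pow(digest(public, challenge), d, n)}

def server_verify(request, issued_challenge):
    """Server: certify the key only if the requester proved possession."""
    if not hmac.compare_digest(request["challenge"], issued_challenge):
        return False  # signed for a different session: replayed request
    n, e = request["public"]
    expected = digest(request["public"], request["challenge"])
    return pow(request["signature"], e, n) == expected

# Constructed key material: fixed Mersenne primes, so these keys protect nothing.
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**127 - 1, 2**1279 - 1)

def demo():
    ch1, ch2 = b"constructed-challenge-1", b"constructed-challenge-2"
    honest = client_request(ALICE_PUB, ALICE_PRIV, ch1)
    # Requester names Alice's public key but only holds a different private key.
    no_key = client_request(ALICE_PUB, MALLORY_PRIV, ch1)
    return {
        "honest": server_verify(honest, ch1),
        "wrong_private_key": server_verify(no_key, ch1),
        "replayed": server_verify(honest, ch2),
    }

if __name__ == "__main__":
    print(demo())
```

Without the signature check, the server would have no way to tell the second request from the first, which is the gap a bare public-key submission leaves open.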
