- From: Peter Linss <notifications@github.com>
- Date: Wed, 09 Feb 2022 17:15:06 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/686/1034381412@github.com>
> I don't feel that I understand the proposal enough to comment. An important part of the device-bound keys is that they sign a nonce from the site, proving active possession. Having them sign a synced credential provides very different security properties. I'm also unsure how new devices work in such a scheme. Happy to explain better: this stemmed from a concern about synced keys getting leaked. My thinking was that the user could have a device-bound key which is used to sign the public key of an ephemeral key pair that gets synced. When registering with a site, the device-bound key would be required to be present (to sign a site-specific ephemeral key that's generated on the fly), and the site would learn the public key of the device-bound key. However during normal usage, the site would accept a signed nonce from a key that is itself signed by the device-bound key, so the device-bound key need not be present. The model here is how CA's use an intermediate key to sign certificate requests, keeping their root key securely offline (or DNSSEC using zone-signing keys and key-signing keys). The advantage is that the synced keys could be set to expire frequently. Upon key expiration, the device-bound key would have to be presented to one of the devices that can sync the ephemeral keys and it regenerates all the ephemeral keys that need it. This operation can be done offline. This way should a synced keystore get leaked, the damage is at least limited in time somewhat (presuming the newly generated keys aren't immediately leaked, of course). This would be an additional mode to requiring direct use of a device-bound key or allowing completely software keys. It's a hybrid approach, somewhat between the two in security while presenting less of a burden on the user than a straight device-bound key, while ensuring that the user at least had access to the device-bound key relatively recently. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/686#issuecomment-1034381412 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/686/1034381412@github.com>
Received on Thursday, 10 February 2022 01:15:18 UTC