Documentation Analysis/Documents/Spec

From SQRLauth.net
Jump to: navigation, search

Outline

  • Overview of the protocol
  • Cryptography
    • Definition of cryptographic algorithms required
      • HMAC-SHA256
      • SHA256 PBKDF2
      • Ed25519 (RFC 6090 seems an appropriate reference)
      • AES-GCM: “AES/Rijndael - Galois/Counter Mode”
    • Reference examples of specific algorithms (inputs -> expected outputs)
  • Protocol
    • General requirements
      • TLS
      • Form of incoming requests
      • Form of outgoing responses
      • Response to malformed requests
      • Server storage requirements
        • IDK
        • SUK
        • VUK
        • sqrlonly (optional)
        • hardlock (optional)
    • Specific requirements by function
      • query
      • ident
      • disable
      • enable
      • remove
      • opt
      • ask
      • sin
    • Reference hashes demonstrating full range of possible inputs and outputs
  • Client
    • Storage
      • Requirements
      • Recommendations
    • User-facing functions
      • Create ID
        • key management stuff here
        • importance of rescue code
      • Export ID
      • Import ID
      • Rename ID
      • Rekey ID
      • Delete ID
      • Previous ID handling
      • Alternate IDs
      • Change password
      • Options support
      • Multi-user support?
      • Delegation protocol? (granting/revoking other IDs to operate on your behalf)
    • Minimum required support
    • Optional features
    • Reference examples of specific algorithms (inputs -> expected outputs)
  • Security Considerations
    • Proactive measures (key length, cryptographic algorithms, etc.)
    • Network environment (TLS required)
    • Remote online attacks
      • Man in the middle
      • DNS poisoning
      • Evil website
    • Local attacks
      • Shoulder surfing
      • Evil app
      • Brute force password guessing
      • Lost phone
    • Social engineering
    • Botnet account creation
  • References

Document