Revision as of 18:57, 28 July 2015 by Ramriot


V2.00 Proposals

Protocol Encryption

Proposals for providing authenticated encryption within the existing protocol, without needing to wrap the communications in an existing format (TLS etc.).

Lost Domain Recovery

A means of ensuring that losing control of a domain does not also mean losing the ability to authenticate users against that domain.

Option One

Additional parameter returned on 'query' verb loop-one: altRealm={FQDN}

  1. Client gets normal SQRL{} link and sends 'query' verb message to server.
  2. Server sees idk and checks accounts, either:
    a) No record New User
    b) No record current{}
    c) Record :: Proceed as V1 from here, see website.
  3. For both a) & b), server returns additional parameters, e.g. altRealm={}
  4. Client sees this and *must* halt for SFN confirmation dialog to prevent key leak attack, e.g. "Site {sfn} is requesting additional keys for domain {altRealm}, proceed or cancel?"
  5. User hits OK: proceed to 6. Cancel: do nothing.
  6. Client generates keys for *both* Realms and builds a message against them both, e.g.
       client = {message inc idk, aidk}
       server = {all of server's previous message}
       ids = sign(idk,{client|server})
       aids = sign(aidk,{client|server})
  7. Server validates signatures and does the following:
    a) Recognises aidk & NOT idk: fetch account, add idk so next time normal V1 process.
    b) Does not recognise either aidk or idk: New user process.

Option Two
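Steps 6 and 7 of Option One, sketched in Go as an added example; it is not part of the original proposal or of any SQRL implementation. Assumptions: each realm's Ed25519 key is seeded with HMAC-SHA256(master, realm), and the message layout and the names siteKey, Reply, signed, ClientReply and ServerHandle are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// siteKey derives a realm's private key. Assumption: seed = HMAC-SHA256(master, realm).
func siteKey(master []byte, realm string) ed25519.PrivateKey {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(realm))
	return ed25519.NewKeyFromSeed(m.Sum(nil))
}

type Reply struct { // step-6 message; Server echoes the server's previous message
	IDK, AIDK ed25519.PublicKey
	IDS, AIDS []byte
	Server    string
}

func signed(r Reply) []byte { // {client|server}: names both keys, so neither can be swapped later
	return []byte(fmt.Sprintf("idk=%x&aidk=%x|%s", r.IDK, r.AIDK, r.Server))
}

// ClientReply is step 6; call it only after the user accepted the altRealm dialog (steps 4-5).
func ClientReply(master []byte, realm, altRealm, server string) Reply {
	isk, aisk := siteKey(master, realm), siteKey(master, altRealm)
	r := Reply{IDK: isk.Public().(ed25519.PublicKey), AIDK: aisk.Public().(ed25519.PublicKey), Server: server}
	r.IDS, r.AIDS = ed25519.Sign(isk, signed(r)), ed25519.Sign(aisk, signed(r))
	return r
}

// ServerHandle is step 7. accounts maps hex public key to account; issued is what the server sent.
func ServerHandle(accounts map[string]string, issued string, r Reply) string {
	// Length checks come first: ed25519.Verify panics on a malformed public key.
	if r.Server != issued || len(r.IDK) != ed25519.PublicKeySize || len(r.AIDK) != ed25519.PublicKeySize ||
		!ed25519.Verify(r.IDK, signed(r), r.IDS) || !ed25519.Verify(r.AIDK, signed(r), r.AIDS) {
		return "reject"
	}
	if acct, found := accounts[fmt.Sprintf("%x", r.AIDK)]; found {
		accounts[fmt.Sprintf("%x", r.IDK)] = acct // 7a: next login is plain V1
		return "linked:" + acct
	}
	return "new user" // 7b
}

func main() { // constructed inputs; an empty account store prints "new user"
	fmt.Println(ServerHandle(map[string]string{}, "nut=x", ClientReply([]byte("constructed key"), "new.example", "old.example", "nut=x")))
}
```

Because both signatures cover both public keys and the server's own message, an aidk and aids lifted from another user's reply fail verification when paired with a different idk.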

