openscreenprotocol
[Auth] Revisiting a previously established session
These comments relate to the authentication discussion of the open screen protocol. In particular I wanted to comment on revisiting a previously established session discussion from the last F2F meeting.
One discussion was around reconnection and whether a new session PAKE is needed. Specifically, the question of whether “if we use self-signed certificates, does that mean the verification of the certificate can be omitted? if J-PAKE is used for authentication”
Two things here. Verification (challenge) that the receiver has the corresponding private key and verification that the key is exclusive to that receiver and is not on many devices or on a website somewhere.
If J-PAKE were used to authenticate and provide a confidential channel, then I can see a self-signed certificate could then be received as payload through the J-PAKE channel and kept as a token 'Root' associated with the receiver. After the PAKE teardown, a TLS session could then be established with this now 'trusted' public key. This assumes the device is trusted to deliver a cert that relates to its exclusive private key - that this isn't just a first step in an attack spreading a shared key aimed at subsequent sessions. So there may be a need to have a CA to certify the key is bound to a device - which perhaps defeats the motivation for PAKE.
If TLS has been established using trusted device-model scoped certs then you still have to authenticate the specific device – so a password share + PAKE confirmation is still necessary. If we can’t be sure the communication is exclusively to the device with TLS, the TLS is of little value.
If TLS has been set up 'blindly' using untrusted certs to a receiver, then PAKE should be used to test the shared password (through the TLS Secure Channel) and set up an inner secure channel.
The 1.0 spec states that mutual authentication is required by the two agents before exchanging private data, and suggests that re-authentication is required, but is not fully specific on the details. I think the spec should offer more guidance as to when re-authentication is allowed and required after initial auth.
Discussion of how certificates are stored and re-used is here:
https://w3c.github.io/openscreenprotocol/#certificates
Specifically:
If an OSP agent sees a valid agent certificate it has verified through authentication, it is not required to initiate authentication with that agent before sending further messages.
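One way a controller could apply the quoted rule when an agent reconnects, as an added example that is not code from the spec or from this thread. The `PinStore` class, the agent names and the decision strings are hypothetical, the byte strings stand in for DER certificates, and the sketch assumes the TLS handshake has already proved possession of the matching private key.

```python
import hashlib


def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 over the certificate bytes presented in the TLS handshake."""
    return hashlib.sha256(cert_der).digest()


class PinStore:
    """Hypothetical controller-side record of certificates verified via PAKE."""

    def __init__(self):
        self._pins = {}  # agent_id -> fingerprint stored after PAKE success

    def _owner_of(self, fp: bytes):
        """Return the agent_id this fingerprint is pinned to, if any."""
        for agent_id, pinned in self._pins.items():
            if pinned == fp:
                return agent_id
        return None

    def record_authenticated(self, agent_id: str, cert_der: bytes) -> None:
        """Pin a certificate. Call only after PAKE key confirmation succeeded."""
        fp = fingerprint(cert_der)
        owner = self._owner_of(fp)
        if owner is not None and owner != agent_id:
            # The same key on two receivers is the non-exclusive case.
            raise ValueError("certificate already pinned to another agent")
        self._pins[agent_id] = fp

    def decide(self, agent_id: str, cert_der: bytes) -> str:
        """Decide what a reconnecting agent's certificate allows."""
        fp = fingerprint(cert_der)
        if self._pins.get(agent_id) == fp:
            return "skip-auth"          # previously verified certificate
        owner = self._owner_of(fp)
        if owner is not None:
            return "reject-shared-key"  # key is pinned to a different agent
        return "require-pake"           # unknown or changed certificate


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = PinStore()
    print(store.decide("tv", cert_a))       # first contact
    store.record_authenticated("tv", cert_a)
    print(store.decide("tv", cert_a))       # reconnect, same certificate
    print(store.decide("tv", cert_b))       # certificate changed
    print(store.decide("speaker", cert_a))  # same key on a second agent
```

The shared-key check only sees agents this controller has already paired with, so it is a local heuristic and does not replace a device-bound certification of the key.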