-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[META] Initial step to trust a device #3
Comments
Proposal 3: Let's say you have PKI accepted, then the browser will display the device's (first part of the number tag sticked to the device, serial number, model) extracted from the self signed certificate. The user can check if it's the right device and be asked to input the last part of the number tag to pin the certificate. Proposal 4: There's also the WIFI's WPS like first authentication. Upon first connection, the browser submit a time limited challenge on the device (or the opposite). The user will have to press a button on the device to validate the challenge. If the challenge is validated, the browser pin the certificate/key. The security in that case will be based on physical presence of the user in a limited time frame. Proposal 5: Using a remote validation. Let's say you have an internet host with a valid domain certificate (likely, the manufacturer). Let's say the device's fingerprint is signed by the remote host certificate. The browser, upon first connection to the device will:
|
@X-Ryl669 Regarding 5.: I'm not sure I understand this correctly. We need a mechanism here that guarantees that the trusted online domain and the yet untrusted device prove that they trust each other, e.g. by sharing a secret. |
The device fingerprint is signed by both the device private key and remote trusted domain's private key. No MITM can do that (they don't have the keys) nor can they reuse the certificate since the private key is required to generate the session's secret key (as usual in TLS). It's a bit like if the trusted online domain would act as CA, but without all the trouble. |
I see! Sounds good to me (I'm not an expert on this matter!) |
@X-Ryl669 Great! Thanks for your suggestions. Proposal 3: Checking Device Identifier in CertificateIt seems a similar approach to 1., but it provides more detailed device information and trust infrastructure. Human-readable information such as model name, manufacturer name, etc. looks more helpful for users. On the other hand, I'm skeptical about just looking at information displayed on the browser, because most of users tend to just click buttons like 'accept' or 'continue' without checking them carefully. This is one of the reasons why use of passcode authentication like PAKE is often considered. Anyway, I expect that that I-D can provide us with helpful information. Thanks! @dajiaji @yoneyajp could you review the I-D draft-friel-pki-for-devices-00 if time permits? Proposal 4: WPS-like SetupEventually, it looks like kind of passcode-based device authentication, right? In this manner, this approach seems close to 2. to me. (details are different, though) Anyway, as you have pointed out, "This requires a button on the device however." Proposal 5: Remote ValidationSome of members in this CG (W3C HTTPS in Local Network Community Group) have a keen interest in this type of approach. For example, @dajiaji has introduced his strawman proposal to issue a certificate to a devices. (His proposal looks too much detailed regardless of an early stage, though.) Anyway, that approach looks good to me. Thanks! @dajiaji @igarashi50 I wish you could put any comment here. Thanks. |
This is a meta issue to discuss how to trust a device at the first time. Unless we could rely on existing Web PKI, such an initial step would be required to determine whether the device would be the one that the user would really wish to connect. Possible approaches are:
Any additional suggestions or detailed comments for proposals are welcome!
The text was updated successfully, but these errors were encountered: