Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verifying Public Key Ownership #3

Open
christiansmith opened this issue Jun 15, 2017 · 0 comments
Open

Verifying Public Key Ownership #3

christiansmith opened this issue Jun 15, 2017 · 0 comments
Labels
requirements

Comments

@christiansmith
Copy link
Collaborator

There are several conditions in which it may be necessary or desirable to verify public key ownership. For example:

  1. a key must be bound to a specific identity to be valid
  2. a key is obtained from a party other than it's originator
  3. ownership of a key is asserted and must be demonstrated
  4. ownership of a key is denied and must be proven

Traditionally, these problems are solved by X.509 certificates in PEM format. It's possible to modernize this technique by wrapping JWK representations of public keys in JWTs, with signatures of the appropriate parties.

Alternately, "blockchain" has been proposed by various parties as a tool for key dissemination and verification.

During the course of this demo project, we should examine various techniques, demonstrate effective strategies for verification, and outline flawed approaches, if discovered.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
requirements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@christiansmith @dazzaji