-
Notifications
You must be signed in to change notification settings - Fork 0
updates
- Do access control from a separate secure domain (origin). This provides security and future proofs against domain name changes.
-
Don't give content hosts secret data. This way they can just restore from backup on break-in instead of having to change all the access control lists. We may even be able to turn this into an authentication integrity check feature?
-
Derive entity keys instead of randomly generating them. This makes recovery easier (and we can store less data).
Encrypt(
their public key,
SHA(my private key + their public key + deterministic string)
)
-
RELATED: Support subkeys. We need to generate an entity key per-subkey presented.
-
Support multiple crypto primitives.
-
Bootstrap off of keybase? Or google's end-to-end: https://github.com/google/end-to-end/wiki/Key-Distribution?
-
How would I do this with openauth? How many openauth servers would I need?
-
Replace ACP with xoring + hashing + signing.
-
Randomize ACP order!
-
One of the jobs of an AP is to distribute entity keys. How should an AP respond to key requests from unknown parties:
- Generate what would be the key? This means the AP must know enough secret state to generate the key at runtime (privacy/security concern).
- Generate a random key? Currently, these keys only change when the friend's public key changes so maybe not...
- Respond with
encrypted(no key)(allows users to verify that NO content has been shared with them)?
DOCUMENT THIS NOW
Unpack, explain.
- IBE: We could give every member of a group a
(gid, date)group key but these could be used to track group members. Might as well just certify temporary group keys. - Ring Signature: Group membership isn't anonymous. Doesn't really give us anything over ACP anyways.
- Group Signature: Same as ring signature.
- Group keys: Permanent. Would have to update ACLs to change.
- Per service group lists: makes fingerprinting way to easy.
- Explain stupid kerberos scheme. Security issues.