Identity/AttachedServices/KeyServerProtocol

453 bytes added, 04:51, 3 July 2013
PiCL Key Server / IdP Protocol
NOTE: This specification is under active development (27-Jun-2013). Several pieces are not yet complete. If you write any code based on this design, keep a close eye on this page and/or contact me (warner) on the #picl IRC channel to learn about changes. Eventually this will be nailed down and should serve as a stable spec for the PICL keyserver/IdP protocol.
 
Remaining TODO items:
 
* define client-side key-stretching (PBKDF2+scrypt+PBKDF2)
* finalize SRP questions (definition of M1, generation of a/b)
* finalize how getToken2() declares whether a signToken or a resetToken is desired
* provide test vectors for decrypting a resetToken
* finalize proof-of-work/DoS-prevention details
* define how wrap(kB) is unwrapped to get kB
* confirm this is actually implementable inside Firefox (especially w.r.t. NSS)

The test vectors included on this page were produced by the Python code in https://github.com/warner/picl-spec-crypto . The diagrams may lag behind the latest version of that code.