Confirm
471
edits
Changes
→Signing Certificates
For signCertificate(), it is critical to enable payload verification by setting options.payload=true (on both client and server). Otherwise a man-in-the-middle could submit their own public key, get it signed, and then delete the user's data on the storage servers.
For signCertificate(), we do not need request confidentiality or response confidentiality, since the client's pubkey and the resulting certificate will both be exposed over a similar SSL connection to the storage server later. And it is sufficient to rely on the response integrity provided by SSL, since the client can verify the returned certificate for itself.
= Changing the Password =
[[File:PICL-IdPAuth-encrypt-passwordChange.png|Server encrypts passwordChange response]]
= Resetting the Account =
