113
edits
Services/Sync/P2P Key Exchange And Rotation: Difference between revisions
Jump to navigation
Jump to search
Services/Sync/P2P Key Exchange And Rotation (view source)
Revision as of 07:05, 22 October 2015
, 22 October 2015Added clarifying text
(Added clarifying text) |
(Added clarifying text) |
||
| Line 331: | Line 331: | ||
=== Registration Protocol v2 === | === Registration Protocol v2 === | ||
The objective of the registration protocol is for a new device to | The objective of the registration protocol is for a user, i.e. Alice, to authorise a new device and transfer to it the master key (sync key) thus allowing it to read and write encrypted data to and from the storage. To maintain the security of the master key the protocol must defend against a man-in-the-middle (MITM) attack from an adversary. Importantly for version 2 of the eXfio Peer protocol the starting assumption is that an adversary has full access to the storage '''and''' knows the password, i.e. a hostile systems administrator. | ||
When Alice registers a new device with the Weave Sync server the client first checks if there are | When Alice registers a new device with the Weave Sync server the client first checks if there are any previously registered devices. If there are no registered devices it generates a master key (MK) and initialises the storage. If there are existing registered devices it requests authorisation by following the procedure below. | ||
<ol start="0"> | <ol start="0"> | ||