(Separated out-of-band steps) |
(Simplified Registration protocol v1) |
| Line 161: | Line 161: | ||
When Alice registers a new device with the Weave Sync server the client first checks if there are other authorised clients, if not it initialises the storage, if so it requests authorisation by following the procedure below. | When Alice registers a new device with the Weave Sync server the client first checks if there are other authorised clients, if not it initialises the storage, if so it requests authorisation by following the procedure below. | ||
<ol start="0"> | |||
<li>Client A: Authenticate to sync server and create client record with status of 'pending'</li> | |||
<li>Client A: Send ClientAuthRequestMessage to existing authorised clients, i.e. Client B, including authcode digest (AD)</li> | |||
<li>Out-of-Band: Client A displays authcode (AC) and user enters it on Client B | |||
<li>Client B: If authcode (AC) is verified send ClientAuthResponseMessage with sync key</li> | |||
</ol> | |||
Finally Alice is notified of registration status and if successful client record is updated with status of 'approved'. | |||
<pre> | <pre> | ||
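Review bot: The retained paragraph at the top of this hunk still ends with "by following the procedure below", yet the numbered steps that appear only in the left-hand column are the only lines here that name the client record states ('pending', 'approved') and the ClientAuthRequestMessage / ClientAuthResponseMessage exchange. If the list goes, keep the status transitions and message names in the paragraph or as labels in the diagram. Use one vocabulary throughout: the list says authcode (AC) and authcode digest (AD), while the diagram under "Line 184" says VC and VD. If the list stays, the "Out-of-Band" item is missing its closing </li>.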
| Line 184: | Line 184: | ||
t2 AIs, MK AIp, BIp BIs, MK | t2 AIs, MK AIp, BIp BIs, MK | ||
(OoB) | (OoB) VC VD | ||
VCui = <user input> | VCui = <user input> | ||
Verified = (VD == DIGEST(VCui + DIGEST(password))) | Verified = (VD == DIGEST(VCui + DIGEST(password))) | ||
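Review bot: On the (OoB) row the right-hand column lists both VC and VD, but the Verified line below it only works as a check if VD reaches Client B independently of the typed value VCui, so the diagram should state which channel carries VD. The left-hand step list in the previous hunk has the digest sent in ClientAuthRequestMessage and only the authcode shown out-of-band; if that is still the intent, VD belongs on a message row rather than the (OoB) row. DIGEST is also unspecified: VCui is user-typed and therefore short, so anyone who holds VD and DIGEST(password) can test candidate codes offline against a plain hash. Naming the digest, preferably a keyed construction, and requiring a constant-time comparison for "VD == ..." would close that gap in the description.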