Confirmed users
471
edits
Identity/AttachedServices/KeyServerProtocol: Difference between revisions
Jump to navigation
Jump to search
Identity/AttachedServices/KeyServerProtocol (view source)
Revision as of 03:08, 12 July 2013
, 12 July 2013→Signing Certificates
| Line 177: | Line 177: | ||
For signCertificate(), it is critical to enable payload verification by setting options.payload=true (on both client and server). Otherwise a man-in-the-middle could submit their own public key, get it signed, and then delete the user's data on the storage servers. | For signCertificate(), it is critical to enable payload verification by setting options.payload=true (on both client and server). Otherwise a man-in-the-middle could submit their own public key, get it signed, and then delete the user's data on the storage servers. | ||
| Line 184: | Line 182: | ||
For signCertificate(), we do not need request confidentiality or response confidentiality, since the client's pubkey and the resulting certificate will both be exposed over a similar SSL connection to the storage server later. And it is sufficient to rely on the response integrity provided by SSL, since the client can verify the returned certificate for itself. | For signCertificate(), we do not need request confidentiality or response confidentiality, since the client's pubkey and the resulting certificate will both be exposed over a similar SSL connection to the storage server later. And it is sufficient to rely on the response integrity provided by SSL, since the client can verify the returned certificate for itself. | ||
= Changing the Password = | |||
[[File:PICL-IdPAuth-encrypt-passwordChange.png|Server encrypts passwordChange response]] | |||
= Resetting the Account = | = Resetting the Account = | ||