Confirmed users
177
edits
DevTools/WiFi Debugging/Design: Difference between revisions
DevTools/WiFi Debugging/Design (view source)
Revision as of 00:52, 16 December 2014
, 16 December 2014Move prompt earlier in process
No edit summary |
(Move prompt earlier in process) |
||
| Line 40: | Line 40: | ||
# TLS connection established, authentication begins | # TLS connection established, authentication begins | ||
# Device sees that ComputerCert is from a unknown client (since it is new) | # Device sees that ComputerCert is from a unknown client (since it is new) | ||
# User is shown a Allow / Deny / Always Allow prompt on the Device with Computer name and hash(ComputerCert) | |||
#* If Deny is chosen, the connection is terminated and exponential backoff begins (larger with each successive Deny) | |||
#* If Allow is chosen, the connection proceeds, but nothing is stored for the future | |||
#* If Always Allow is chosen, the connection proceeds, and hash(ComputerCert) is saved for future attempts | |||
# Device waits for out-of-band data | # Device waits for out-of-band data | ||
# Computer verifies that Device's cert matches hash(DeviceCert) from the advertisement | # Computer verifies that Device's cert matches hash(DeviceCert) from the advertisement | ||
| Line 47: | Line 51: | ||
#* For non-mobile servers, some other approach is likely needed, perhaps a short code form for the user to transfer | #* For non-mobile servers, some other approach is likely needed, perhaps a short code form for the user to transfer | ||
# Device verifies that Computer's cert matches hash(ComputerCert) from out-of-band channel | # Device verifies that Computer's cert matches hash(ComputerCert) from out-of-band channel | ||
# Device sends K to Computer over the TLS connection | # Device sends K to Computer over the TLS connection | ||
# Computer verifies received value matches K | # Computer verifies received value matches K | ||