Registration requires integrity protected channel

cfrg / draft-irtf-cfrg-opaque

The OPAQUE Asymmetric PAKE Protocol

https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html

Other

100 stars 20 forks source link

Registration requires integrity protected channel #393

Closed mitar closed 1 year ago

mitar commented 1 year ago

Registration is the only stage in OPAQUE that requires a server-authenticated and confidential channel: either physical, out-of-band, PKI-based, etc.

I think the channel also has to protect integrity?

chris-wood commented 1 year ago

Perhaps this should be:

Registration is the only stage in OPAQUE that requires a server-authenticated channel with confidentiality and integrity: either physical, out-of-band, PKI-based, etc.