da2ce7
commented
2 years ago I assign the TEP Number: 12.
Closed da2ce7 closed 2 years ago
da2ce7
commented
2 years ago I assign the TEP Number: 12.
josecelano
commented
2 years ago hi @da2ce7
If I'm not wrong the two key points in your proposal are:
da2ce7
commented
2 years ago Hey @josecelano
Thanks for the questions:
- Using bitcoin-like key pairs to authenticate a user in a webapp.
Yes, I have specified the same elliptical-curve as is used in bitcoin: secp256k1.
--
- User authentication would be like API authentication with a token where you can create different tokens with different permissions.
The client sends the server URI it observes to the server, and includes this value in the "Client Authentication Token" that it generates.
I suppose after the successful authentication, the server can decide to issue a normal token as per usual.
--
Questions
- Shouldn't the user provide the original "seed" or the "private key" at the end instead of the password? In terms of UX, I think it's more or less the same, although it allows the user to define different access levels. In terms of security, it's safer, and I suppose passwordless authentication is becoming a standard. Although I do not know if this method is considered passwordless.
The client doesn't store or need the seed by default. The seed is the account "recovery phrase". This is by design:
--
- Could you provide some links where I can learn more about how to use asymmetric key encryption for authentication? I've added one below.
This protocol uses ECDH, in a very simple format:
I would love for somebody who is better at crypto than me to review the protocol and confirm that it is indeed secure.
--
- Are the generated keys valid bitcoin addresses? If so, do you think that could be useful for other features in the future?
You could turn a key-pair into bitcoin addresses, however we don't use them as bitcoin-addresses. Having some sort of asymmetric key infrastructure could be leverages for many other aspects in the future: such as the previously proposed signed-invitations.
--
- Is there already a similar implementation?
I'm sure there is, however the common ones are far-more complex than what we use here, (such as getting a CA involved with the authentication). We just use implicit proof of key ownership when deriving a common key.
--
Links
This article uses bitauth, a different algorithm for authentication: the server receives cryptographic signed requests sent by the client.
The protocol proposed here uses a mutual derivation of a client authentication token, that is used once.
da2ce7
commented
2 years ago @josecelano based upon your questions I have updated the TEP to clarify: 018f5518544893a86ea996fb63a3ba1ecb685e98
mickvandijke
commented
2 years ago Maybe instead of generating a private key for the client, we could instead add a public key field to the signup form. So that clients can use their own existing public key. We could even make this field a list so that a client can submit multiple public keys.
A client would then be able to signup using a normal password and/or a public key. I do not like the idea of only allowing authentication with public keys, as it might be too confusing to set up for some users. Keeping the option for a traditional password would be a nice fallback for these users.
josecelano
commented
2 years ago @josecelano based upon your questions I have updated the TEP to clarify: 018f551
Thank you for the clarification @da2ce7 . I have some more concrete questions above.
I think I got the "purpose" wrong. I thought it was a way to authenticate with different access permissions. But I suppose other purposes could be more like what you said: the admin can permit some public keys to generate invitations.
I have also found this proposal https://github.com/bitid/bitid/blob/master/BIP_draft.md.
da2ce7
commented
2 years ago Hello @WarmBeer
Maybe instead of generating a private key for the client, we could instead add a
public keyfield to the signup form. So that clients can use their own existing public key. We could even make this field a list so that a client can submit multiple public keys.
I don't like the idea of users generating their own public keys interdependently of our client. At least initially:
A client would then be able to signup using a normal password and/or a public key. I do not like the idea of only allowing authentication with public keys, as it might be too confusing to set up for some users. Keeping the option for a traditional password would be a nice fallback for these users.
For many users passwords could be easier, I think that providing this fallback is heading in the wrong direction:
da2ce7
commented
2 years ago @WarmBeer https://github.com/rust-bitcoin/rust-secp256k1 supports compiling to wasm :)
da2ce7
commented
2 years ago @josecelano
The standard: Web Authentication: An API for accessing Public Key Credentials, is probability the closest standard in intention to what this one provides.
da2ce7
commented
2 years ago I think that this document is ready for review. :)
da2ce7
commented
2 years ago ACK 90fb11d43fa9d89276ffb35c3e6e177ea6c6aaff
This document proposes the use of asymmetric cryptography for user accounts and their authentication.
View Here: https://github.com/da2ce7/torrust-teps/blob/tep-asymmetric_key_client_authentication/TEP-0012.md
Resolves #8