Authentication using Handshake name #6
Conversation
|
I'd like to request a special attention to the Exposing the public key section. It's totally arbitrary |
|
this is awesome. do none of the commonly used .well-known/ services work for this? i'm surprised there isn't an ietf rfc that implements something like this already |
|
I checked the Wikipedia list and the IANA list but I didn't spot anything that could be used instead. |
|
What would you prefer?
|
|
@Falci I suppose if there's nothing particularly Handshake specific about the implementation, then other projects could implement it or be compatible with it as well; no need to include "hns" in the spec unless hns is actually required for it to work and it won't work without hns, you know? so the second option looks the best to me, although the third option is most aesthetically pleasing. |
|
@Falci I vote definitely not the prefix for 1, as this scheme is orthogonal to HNS. i think there is prior art that would collide with 2 and 3 so maybe some more homework is in order before committing to the protocol handler side of it. assuming there's no conflict or confusion with other schemes, i understand that there may be nothing already on the |
|
Just to keep track: this should be merged as |
|
Does this HIP still make sense after the handshake-org/hsd/pull/609 ? |
|
@Falci I think so, it's different things. Users will likely want to store names on hardware wallets and name authentication may be a situation where they want to use a different set of keys, or rotate the keys more frequently, etc. |
|
Is there a(n optional) way to use a hardware wallet as part of the authentication scheme? |
|
|
||
| ## Abstract | ||
|
|
||
| This HIP describe how to authenticate a user using his/her Handshake name. |
There was a problem hiding this comment.
This HIP describes how to authenticate a user using their Handshake name.
|
|
||
| ## Motivation | ||
|
|
||
| Many websites need to identify the user and proof he/she owns a Handshake name. Many other websites simply need to identify users, which forces them to go into a process to pick a unique username that most of the time can't be consistent across different apps. By using Handshake names as username it allows both: proof ownership of the name and consistent username across unrelated apps. |
There was a problem hiding this comment.
Many websites need to identify the user and prove they own a Handshake name. Other websites simply need to identify users, which forces the user to enter a process of picking a unique username that most of the time can't be consistent across different apps. Using Handshake names as usernames allows both to happen: prove ownership of a name and have a consistent username across unrelated apps.
|
|
||
| The basics of this protocol consist of a public and private ECDSA key. The domain exposes the public key via HTTPS request. | ||
| The Service that wants to authenticate the user should provide this user with a unique challenge. | ||
| The User signs the challenge using his/her private key and returns it to the Service, among the public key and the domain name. |
There was a problem hiding this comment.
The User signs the challenge using their private key and returns it to the Service, along with the public key and domain name.
| The basics of this protocol consist of a public and private ECDSA key. The domain exposes the public key via HTTPS request. | ||
| The Service that wants to authenticate the user should provide this user with a unique challenge. | ||
| The User signs the challenge using his/her private key and returns it to the Service, among the public key and the domain name. | ||
| The Service then validates if the challenge is correct and was correct signed. The Service also validates if the domain name indeed exposes that public key. |
There was a problem hiding this comment.
The Service then confirms the challenge is correctly signed. The Service also validates if the domain name indeed exposes the public key.
|
|
||
| ### Provider | ||
|
|
||
| The above-mentioned flow requires an extra piece of software: a user-trusted provider. This provider knows/holds the user's private key. It can run on the client-side, as a browser extension or an installed app; or it can run remotely as a regular web service. |
There was a problem hiding this comment.
The above-mentioned flow requires an extra piece of software: a user-trusted provider. This provider knows/holds the user's private key. It can run client-side, as a browser extension, as an installed app, or run remotely as a regular web service.
| When the Service is called via its callback URL, it should do the following verifications: | ||
|
|
||
| - Check if the domain exposes a public key. | ||
| - Check if the challenge is the same challenge from the request. |
There was a problem hiding this comment.
- Verify the challenge is identical from the request.
|
|
||
| When the Service is called via its callback URL, it should do the following verifications: | ||
|
|
||
| - Check if the domain exposes a public key. |
There was a problem hiding this comment.
- Verify the domain exposes a public key.
|
|
||
| - Check if the domain exposes a public key. | ||
| - Check if the challenge is the same challenge from the request. | ||
| - Verify if the signature is valid (using the already retrieved public key). |
There was a problem hiding this comment.
- Verify the signature is valid (using the already retrieved public key).
|
|
||
| Note: there's no point in adding the public key in the response from the Provider to the Service since it won't be trusted. | ||
|
|
||
| Once all verifications are complete, the Service can use the `domain` to identify the current user. |
There was a problem hiding this comment.
Once all verifications are complete, the Service can use the
domainto identify the current User.
| This proposal does not force the domain name to be a TLD. Users could authenticate themselves with `support.example` for instance. | ||
|
|
||
| There's no need to be strict with a Handshake domain name. Users could authenticate themselves with `example.com` for instance. | ||
|
|
There was a problem hiding this comment.
Additionally, there's no need to be strict with a Handshake domain name. Users could authenticate themselves with
example.com.
This HIP describe how to authenticate a user using his/her Handshake name.