a Secarta project ...

HTTPsec Authentication Protocol

[ View as one printable page ]

Preamble

1. Introduction
1.1. Editorial Conventions
1.2. Terms
1.3. Identifiers
2. Summary
2.1. Authentication Model
2.2. Peer Identifiers
2.3. Protocol Operation
2.3.1. Initialization
2.3.2. Continuation
3. Protocol Messages
3.1. Initialization Messages
3.1.1. Initialization Request
3.1.2. Initialization Response
3.2. Continuation Messages
3.2.1. Continuation Request
3.2.2. Continuation Response
3.3. Challenge Messages
3.3.1. Challenge Response
3.4. Message Flow
4. Protocol Directives
4.1. id
4.2. dh
4.3. certificate
4.4. url
4.5. group
4.6. nonce
4.7. auth
4.8. token
4.9. signature
4.10. count
4.11. mac
4.12. digest
5. Other Headers
5.1. Content-Encoding
5.2. Cache-Control
5.3. Expires
6. Protocol Computations
6.1. Algorithms
6.1.1. Hash Algorithm
6.1.2. Public Key Algorithm
6.1.3. Encryption Scheme
6.1.4. Signature Scheme
6.1.5. Block Cipher
6.1.6. Block Cipher Mode
6.2. Header Canonicalization
6.3. Initialization Transcript
6.4. Continuation Request Transcript
6.5. Continuation Response Transcript
6.6. Shared Secret
6.7. Keys
6.7.1. MAC Keys
6.7.2. Cipher Keys
6.8. Message Body Ciphering
7. Message Validation
7.1. Initialization Request Validation
7.2. Initialization Response Validation
7.3. Continuation Request Validation
7.4. Continuation Response Validation
8. Cache Considerations
9. Security Considerations
10. References
11. Editor Address

2.3. Protocol Operation

This protocol enables, and depends on, the establishment of a shared-secret arrangement between the requester and the responder. The protocol has two distinct stages; "initialization" and "continuation". Initialization establishes a shared-secret between the requester and responder via a request/response transaction between the two. It is within this initialization transaction that the public keys of the peers are employed for mutual authentication.

Subsequent continuation transactions carry conventional message payloads. They reference the shared secret established by the initialization stage, and depend on both peers' knowledge of it for their security features. No temporal constraint is placed on the validity of the shared-secret arrangement, which may be chosen independently by either peer to be anything from very short lived to essentially permanent. (The initialization stage could in fact be effected by another process entirely outside of this specification.)

The responder is first authenticated in the initialization stage by the use of digital signatures. The requester is authenticated in each continuation transaction by the use of message authentication codes. This asymmetry allows the requester to authenticate the responder before sending it any data, while keeping all public-key and other key-exchange operations within the single initialization transaction. This mitigates the state-management requirements and ensures that computationally expensive operations are avoided in subsequent continuation messages, of which there may be an arbitrary number.
© Secarta. All rights reserved.