[TLS] one time passwords from private keys

Story Henry <henry.story@bblfish.net> Sun, 28 February 2010 14:52 UTC

From: Story Henry <henry.story@bblfish.net>
Date: Sun, 28 Feb 2010 15:51:58 +0100
To: Semantic Web <semantic-web@w3.org>, tls@ietf.org, Working Group HTTP <ietf-http-wg@w3.org>
Subject: [TLS] one time passwords from private keys

Hello,

   I am looking around to see if anyone knows an algorithm to allow one to produce a one time password [1] from the private key part of an asymmetric key pair. 

The article "Public-Key Cryptography and Password Protocols"
http://www.cparity.com/projects/AcmClassification/samples/322514.pdf 
shows how to do the inverse.

  The idea is to make it possible to authenticate into any web site using this one time password. The public key would be tied to a WebId/OpenId, along something like the following steps:

1. A server should be able to know for any webId/openid the public key of that id

2. the user will have
  - the private key
  - using their private key (and perhaps a time stamp, or a nonce from the server, ... ) the user's software would calculate a one time password which the user could then send with their WebId/OpenId to the server

3. the server which gets the openid/webid finds the public key securely and uses that to verify the one time password (somehow)

This would allow us to make it easy to create RESTful authentication for devices with broken (Safari on desktop and iPhone) or non-existent client side certificates (Android, and most other phones).

For devices with working client side certificates we have foaf+ssl that works reasonably well currently - though we would love the browser vendors to implement user interface improvements. http://esw.w3.org/topic/foaf+ssl

   What we are looking for may be impossible. But we can't tell before looking :-)
Also if you know of lists that are open source/open standard spirited that you think I should send this question to, please let me know.

	Henry

[1] http://en.wikipedia.org/wiki/One_time_password
    http://code.google.com/p/mod-authn-otp/wiki/OneTimePasswords

Social Web Architect
http://bblfish.net/
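The challenge-response sketched in steps 1-3 above, as an added example that is not part of the original mail: the server issues a nonce, the user's software signs nonce, WebID and timestamp with the private key, and the server checks the result with the public key it looked up for that WebID. The Ed25519 key pair, the WebID value and the public-key lookup are assumptions; the lookup itself (step 1) is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"encoding/binary"
	"strings"
	"time"
)

// Challenge is what the server hands to the client: a fresh random nonce plus issue time.
type Challenge struct {
	Nonce  [16]byte
	Issued time.Time
}

// NewChallenge draws the nonce; one fresh nonce per login attempt is what defeats replay.
func NewChallenge(now time.Time) (Challenge, error) {
	c := Challenge{Issued: now}
	_, err := rand.Read(c.Nonce[:])
	return c, err
}

// message binds WebID, nonce and issue time so a response is valid for this login only.
func message(webID string, c Challenge) []byte {
	ts := make([]byte, 8)
	binary.BigEndian.PutUint64(ts, uint64(c.Issued.Unix()))
	return append(append([]byte(webID+"\x00"), c.Nonce[:]...), ts...)
}

var enc = base32.StdEncoding.WithPadding(base32.NoPadding) // typable, case-insensitive alphabet

// MakeOTP is the client side: sign the challenge with the private key and encode it.
func MakeOTP(priv ed25519.PrivateKey, webID string, c Challenge) string {
	return enc.EncodeToString(ed25519.Sign(priv, message(webID, c)))
}

// VerifyOTP is the server side: reject stale challenges, then verify with the public key
// the server fetched for this WebID (assumed already looked up; that fetch is out of scope).
func VerifyOTP(pub ed25519.PublicKey, webID string, c Challenge, otp string, now time.Time, ttl time.Duration) bool {
	if now.Before(c.Issued) || now.Sub(c.Issued) > ttl {
		return false
	}
	sig, err := enc.DecodeString(strings.ToUpper(otp))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, message(webID, c), sig)
}
```

A 64-byte signature base32-encodes to 103 characters, far longer than anything a person would type; shrinking that to a short one time password while keeping it verifiable with only the public key is exactly the open part of the question.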