[Standards] Request for Comments: XEP: Two-factor user authentication with a shared secret

Dave Cridland dave at cridland.net
Wed Feb 5 15:56:12 UTC 2014


I'm really sorry, but I genuinely do not know what is going on at all in
your example below. Could you give a concrete example, with things like "An
app" instead of A, or whatever it's meant to be?

I just don't follow what A and B are, and why they need to authenticate to
each other, and why U and D might possibly have different accounts, and
perhaps a simple use-case might clarify things.

On 20 Dec 2013 17:47, "Teemu Väisänen" <uolevi at gmail.com> wrote:

> Thank you, Sergey, for your message.
>
> I try to clarify it with a simple example with a device. Does it make any
> sense?
>
> A presents XMPP account of a user U.
> B presents XMPP account of the device D.
> U does not know B.
> U knows D and has it in his/her hand.
> A does not (necessarily) know B.
> B does not (necessarily) know A.
>
> 1. U starts D.
> 2. B logins in D.
> 3. A logins in D.
> 4. B generates a shared secret K.
> 5. B transmits K to A, e.g., programmatically when both A and B are in
> same D.
> 6. Both A and B know now each other (at least inside the program).
> 7. A sends K to B using presented new ad-hoc commands. A may log out
> anytime after successful transmission.
> 8. B checks if sender's full JID is known A's full JID and checks if
> received K is correct or not.
> 9. B can be sure whether A really exists or not, whether U knew A's
> credentials or not, and that A and no-one else sent the wanted K.
>
> After this B may check, e.g., if A is authorized or not to access
> certain resources, do something, or start something.
>
>
> -Teemu V
>
>
> 2013/12/20 Sergey Dobrov <binary at jrudevels.org>:
> > Hello Teemu,
> >
> > I would like to see an example chart of how it works and why it is
> > needed, because the current text description in the first
> > paragraph is hard to understand, from my point of view.
> >
> > Thanks.
> >
> > On 12/19/2013 06:04 PM, Teemu Väisänen wrote:
> >> Hello all.
> >>
> >> I have written a new proposal for a XEP: Two-factor user
> >> authentication with a shared secret. html and xml files can be
> >> downloaded from https://a2nets.erve.vtt.fi/TeemuVaisanen
> >>
> >> For the next version we have to think, e.g., if there should be only
> >> one ad hoc command to ask all supported mechanisms or use separate
> >> commands for each authentication mechanism (as in current version).
> >>
> >> Any questions, comments and suggestions are welcome.
> >>
> >> Best regards,
> >>
> >> Teemu Väisänen
> >>
> >
> >
> > --
> > With best regards,
> > Sergey Dobrov,
> > XMPP Developer and JRuDevels.org founder.
>
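
Steps 4 to 8 of the quoted walkthrough, sketched as an added example that is not part of the proposal or of any message in this thread: B issues K for one expected full JID, then accepts K only from that exact full JID. The class and method names, the example.org JIDs and the single-use rule are assumptions, and the ad-hoc command transport is left out.

```python
import hmac
import secrets


class DeviceAccount:
    """B in the quoted steps: the device's account, which issues and checks K."""

    def __init__(self):
        # Expected full JID of A -> secret K that B is waiting to receive back.
        self._pending = {}

    def issue_secret(self, expected_full_jid):
        # Step 4: B generates K from a CSPRNG.
        k = secrets.token_urlsafe(32)
        self._pending[expected_full_jid] = k
        # Step 5: K is handed to A locally, inside the same device D.
        return k

    def verify(self, sender_full_jid, received_k):
        # Step 8: the sender's full JID must be the one K was issued for.
        # Exact string match here; real JIDs need normalisation first (simplification).
        expected = self._pending.get(sender_full_jid)
        if expected is None:
            return False
        # Constant-time comparison so timing does not leak how much of K matched.
        ok = hmac.compare_digest(expected.encode(), received_k.encode())
        if ok:
            # Assumption: K is single use, so a captured K cannot be replayed.
            del self._pending[sender_full_jid]
        return ok


def demo():
    b = DeviceAccount()
    a_jid = "user@example.org/device-d"  # constructed full JID for A
    k = b.issue_secret(a_jid)
    return [
        b.verify("user@example.org/other", k),  # right K, wrong resource
        b.verify(a_jid, "guess"),               # right JID, wrong K
        b.verify(a_jid, k),                     # step 7 as intended
        b.verify(a_jid, k),                     # replay of the same K
    ]


if __name__ == "__main__":
    print(demo())
```

The JID check only means something if the server stamps the `from` address on stanzas, since B never sees A's credentials directly.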