|
|
|
|
@ -92,18 +92,19 @@ potential leaks or theft.
|
|
|
|
|
|
|
|
|
|
The basic approach is to synchronize private keys among devices of the same
|
|
|
|
|
user in a secure manner by using Trustwords (cf. {{I-D.birk-pep-trustwords}})
|
|
|
|
|
confirmation between any two devices (at a time) for pairing them -- before
|
|
|
|
|
starting the security-sensitive transfer of the private key material.
|
|
|
|
|
confirmation between any two devices (at a time) for pairing them -- that is,
|
|
|
|
|
a user needs to manually compare and confirm Trustwords as a pre-condition
|
|
|
|
|
before starting the automatic and security-sensitive transfer of the private
|
|
|
|
|
key material.
|
|
|
|
|
|
|
|
|
|
## Main Challenge
|
|
|
|
|
|
|
|
|
|
Perform the synchronization in a secure manner, so that private keys are
|
|
|
|
|
not leaked or exposed to theft.
|
|
|
|
|
not leaked or exposed to theft -- end-device security being out-of-scope.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{::include ../shared/text-blocks/key-words-rfc2119.mkd}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{::include ../shared/text-blocks/terms-intro.mkd}
|
|
|
|
|
|
|
|
|
|
{::include ../shared/text-blocks/handshake.mkd}
|
|
|
|
|
|
