[Specs-cx] Encryption

nara hideki hdknr at ic-tact.co.jp
Mon Jul 5 20:01:55 UTC 2010


Hi, David,

Let me know more precisely what you mentioned.
We're using JSON Encryption Envelope to exchange privacy data.
(The spec is here:
http://bitbucket.org/Nat/jsonenc/src/tip/draft-sakimura-jsonenc-00.txt
)
It encrypts a shared key with public key encryption, and the payload,
a canonicalized JSON string, is encrypted with that shared key.

I think if that shared key is known, the payloads can be decrypted.
You might have talked about other security issues which I'm missing.

Best regards.
---
hdknr


2010/6/28 David García <david.garcia at tractis.com>:
> Hi Nat,
>
> in those cases where public keys cannot be used, because parties are not
> known yet, maybe using PBE (password-based encryption) with a randomly
> generated pass could fit this need.
> Those passwords could be stored bound to the contract and delivered to the
> party after a challenge has been passed (f.ex. an auth process).
>
> Best regards
>
> Dave
>
> 2010/6/25 Nat Sakimura <sakimura at gmail.com>
>>
>> I had a talk with Hide yesterday.
>> We were talking about how to preserve the privacy of the end user among
>> a bunch of services.
>>
>> The agreement we had was that we should encrypt the portion of the
>> agreement specific to each server with different symmetric keys, then
>> encrypt the symmetric keys with the respective server's public key and
>> the OP's public key.
>>
>> We are still discussing the cases where parties are not
>> determined at the time of the proposal and disclosing the parties to
>> other parties is a privacy risk.
>> It is a bit challenging.
>>
>> --
>> Nat Sakimura (=nat)
>> http://www.sakimura.org/en/
>> http://twitter.com/_nat_en
>> _______________________________________________
>> Specs-cx mailing list
>> Specs-cx at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-cx
>
>
>
> --
> David Garcia
> CTO
> Tractis - Online contracts you can enforce
> http://www.tractis.com
> --
> Email: david.garcia at tractis.com
> Skype: deiffbcn
> Blog: http://blog.negonation.com
> Linkedin: http://www.linkedin.com/in/davebcn
>
>
>
>
>
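
The scheme discussed in this thread, as an added example that is not part of any message or of the jsonenc draft: each server-specific portion is encrypted under its own symmetric key, and that key is wrapped with the server's and the OP's public keys. AES-256-GCM, RSA-OAEP, the `canonicalize` stand-in, and all field and function names are assumptions of the example.

```javascript
// Added example. Envelope field names are illustrative assumptions, not
// the wire format of draft-sakimura-jsonenc-00.
const crypto = require('node:crypto');

// Stand-in canonicalization (assumption): sorted keys, no whitespace.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Encrypt one portion under a fresh AES-256-GCM key, then wrap that key
// with RSA-OAEP once for every recipient (e.g. the server and the OP).
function seal(portion, recipients) {
  const cek = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', cek, iv);
  const ct = Buffer.concat([c.update(canonicalize(portion), 'utf8'), c.final()]);
  const keys = {};
  for (const [name, pub] of Object.entries(recipients)) {
    keys[name] = crypto.publicEncrypt({ key: pub, oaepHash: 'sha256' }, cek).toString('base64');
  }
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64'), keys };
}

// Unwrap the content key with one recipient's private key and decrypt.
// Throws if the key does not match or the ciphertext was modified.
function unseal(env, name, priv) {
  const wrapped = Buffer.from(env.keys[name], 'base64');
  const cek = crypto.privateDecrypt({ key: priv, oaepHash: 'sha256' }, wrapped);
  const d = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(env.iv, 'base64'));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample: two servers and the OP, each with its own key pair.
function demo() {
  const kp = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const op = kp(), a = kp(), b = kp();
  const envA = seal({ scope: 'billing', email: 'alice@example.org' },
                    { serverA: a.publicKey, op: op.publicKey });
  const envB = seal({ address: '1 Example St' }, { serverB: b.publicKey, op: op.publicKey });
  return { op, a, b, envA, envB };
}
```

In this layout the `keys` map names every recipient in the clear, so the envelope itself shows which parties can read a portion.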

