Source-Changes archive


CVS commit: src/crypto/external/bsd/netpgp/dist/src/libpaa



Module Name:    src
Committed By:   agc
Date:           Fri Sep 10 05:15:16 UTC 2010

Added Files:
        src/crypto/external/bsd/netpgp/dist/src/libpaa:
            PubKeyAccessAuthScheme.txt client.c libpaa.3 libpaa.c libpaa.h
            server.c

Log Message:
Add an implementation of the Pubkey Access Authentication Scheme proposed
by Oliver Gould in

        http://www.olix0r.net/PubKeyAccessAuthScheme.txt

This implementation includes an example client and server program, but
is not (yet) hooked into the build.

To quote from Oliver's RFC:

        HTTP services are a core Internet technology, yet the Digest
        authentication scheme provided by RFC 2617 only describes
        authentication by way of shared-secrets (i.e.  passwords).
        This model has operational drawbacks, as authenticating
        services are required to have access to a user's secret (or a
        hash thereof), or retrograde technologies, such as cookies,
        are employed.

        Similarly to SSH's "publickey" authentication method [RFC
        4252], the PubKey Access Authentication scheme allows an HTTP
        server to authenticate clients using public key credentials.

        Like the Digest Access Authentication Scheme [RFC 2617], the
        PubKey.v1 scheme is based on a simple challenge-response
        paradigm.  The PubKey scheme responds to unauthorized clients
        with a challenge value; and a valid response contains a
        cryptographic signature of client's id, the authentication
        realm, and the server's challenge.

        The client's secret never leaves the client.  The server
        verifies the client's signed authorization request with the
        client's published public keys.

libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
for digests, and base64 encoding for transmission of data.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/PubKeyAccessAuthScheme.txt \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/client.c \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.3 \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.c \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/libpaa.h \
    src/crypto/external/bsd/netpgp/dist/src/libpaa/server.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
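
The challenge-response exchange quoted from the RFC above, as an added example that is not code from libpaa or from the RFC: the server issues a single-use challenge, the client signs its id, the realm and the challenge, and the server verifies against the published public key. Assumptions: a Lamport one-time signature over SHA-256 stands in for the OpenPGP signatures and SHA1 digests that libpaa(3) uses so the example runs with the standard library only, the base64 wire encoding is omitted, and every name and value here (`Server`, `signed_payload`, "alice", "example-realm") is hypothetical.

```python
from hashlib import sha256
from secrets import token_bytes

def keygen():  # Lamport one-time key pair, standing in for an OpenPGP key
    sk = [(token_bytes(32), token_bytes(32)) for _ in range(256)]
    return sk, [(sha256(a).digest(), sha256(b).digest()) for a, b in sk]

def bits(msg):
    d = sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        sha256(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def signed_payload(client_id, realm, challenge):
    # Length-prefix each field so (id, realm, challenge) cannot be re-split.
    parts = [client_id.encode(), realm.encode(), challenge]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

class Server:
    def __init__(self, realm, published_keys):
        self.realm, self.keys, self.pending = realm, published_keys, set()

    def challenge(self):
        c = token_bytes(16)
        self.pending.add(c)
        return c

    def authenticate(self, client_id, challenge, sig):
        if challenge not in self.pending:
            return False                 # unknown or already used challenge
        self.pending.discard(challenge)  # single use: a replay is refused
        pk = self.keys.get(client_id)
        return pk is not None and verify(
            pk, signed_payload(client_id, self.realm, challenge), sig)

def demo():
    sk, pk = keygen()                    # the secret key stays with the client
    server = Server("example-realm", {"alice": pk})  # constructed values
    c1 = server.challenge()
    sig = sign(sk, signed_payload("alice", "example-realm", c1))
    ok = server.authenticate("alice", c1, sig)
    replayed = server.authenticate("alice", c1, sig)
    stale = server.authenticate("alice", server.challenge(), sig)
    return ok, replayed, stale
```

`demo()` returns the outcome of a valid login, a replay of the same response, and the old signature presented against a fresh challenge.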


