Tuesday, November 2, 2021

TLSNotary – Prove you received a webpage from a server with TLS signatures

A high level technical view of TLSNotary

This is how the main TLSNotary protocol works. PageSigner has the same core design, with some extra usability features; once you have finished here, you can read more about it here.

A user, called the 'auditee', wants to prove to another user, called the 'auditor', a certain fact attested to by an organisation (a bank, a government, a company, etc.). This fact could be a monetary balance on an account, the fact of a money transfer, or a particular set of identity information such as an address, amongst others. The auditor and auditee create an encrypted messaging connection with each other. The auditee connects to the website as normal, logs in, and then browses to the specific page that proves the required information. The auditor and auditee then use their encrypted connection to negotiate secrets for the SSL/TLS session such that the auditor can find out what is on the page that the auditee loads, without gaining control of the connection or seeing the auditee's login details. The diagram below gives the outline of what happens.



from Hacker News https://tlsnotary.org
