COLDWIRE_PROTOCOL.md (8 additions & 4 deletions)
@@ -77,8 +77,11 @@ The HTTP specification requires it, needed incase a Coldwire server implementati
77
77
In `Coldwire` there is no concept of `registration` or `login`, instead, a user generates their `ML-DSA-87` keypair, sends the `public_key` to server, then authenticates by signing the given challenge.
78
78
79
79
The request payload **must** be in `JSON`, and the response will also be in `JSON`.
80
+
80
81
**note** that `JSON` requests and responses only applies for the *authentication API* endpoints.
81
82
83
+
The `JWT` algorithm must be `HS512` (`SHA-3-512`)
84
+
82
85
#### 3.1. Authentication Initialization (`Alice`)
83
86
`Alice` sends an HTTP `POST` request to the endpoint running `Coldwire`
84
87
```
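Review bot: the parenthetical on the added line 83, "`HS512` (`SHA-3-512`)", does not match the standard definition of that algorithm name: in RFC 7518 `HS512` is HMAC using SHA-512 (the SHA-2 function), and JWT libraries implement it that way, so a server that actually computes the MAC with SHA-3-512 would not interoperate with any library-generated or library-verified `HS512` token. Either correct the text to "HMAC-SHA-512 (RFC 7518)" or, if SHA-3 is really intended, give the construction its own name rather than reusing `HS512`. Since this line now fixes the algorithm, it is also the natural place to state that verifiers must reject a token whose `alg` header is anything other than the required value, so the rule cannot be bypassed by a token that names a different algorithm.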
@@ -133,18 +136,19 @@ There is no expiration timestamp in the `JWT token`, the user simply keeps using
133
136
Even though there are no expiration timestamp, client implementations must always authenticate on application startup.
134
137
135
138
#### 3.3. Authentication Notes
136
-
The reason we do include an expiration timestamp in the `JWT token` is to help reduce metadata emitting from both server, and client.
139
+
The reason we do not include an "expiration timestamp" in the `JWT token`, is to help reduce metadata emitting from both the server, and the client.
137
140
138
141
*Coldwire* server operators are recommended to rotate their `JWT secret` every month for cryptographic hyiegene, if you can rotate it more frequently, that is acceptable. The protocol does not enforce any `JWT secret` rotations.
139
142
140
143
Additionally, even if a user's `JWT token` is compromised, no catastrophic security issues arise, except potential denial-of-service risks for the user.
141
-
Old messages cannot be retrieved and new messages cannot be read, contact list cannot be recovered, etc.
142
-
New contacts can't be verified because the attacker wouldn't know a contact's `SMP` answer, only the real user does.
143
144
145
+
Old messages cannot be retrieved and new messages cannot be read, full contact list cannot be recovered, etc.
146
+
147
+
New contacts can't be verified because the attacker wouldn't know a contact's `SMP` answer, only the real user does.
144
148
145
149
If a server `JWT secret` is compromised, no catastrophic security issues arise, except potential denial-of-service risks for the server and its users.
146
150
147
-
The reason old and new messages cannot be read, is because we utilize the `Strandlock protocol` for true end-to-end encryption.
151
+
The reason even new messages cannot be read, is because we utilize the `Strandlock protocol` for true end-to-end encryption.
148
152
149
153
Messages are not just computationally safe, but in some scenarios, the message become uncrackable even with infinite computing power (to an adversary who only has access to a message's ciphertext, and not KEM's ciphertext, in which case OTP security inherits the algorithms in question security properties).
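Review bot: the rewritten paragraph at lines 143-147 still describes a leaked user `JWT token` as carrying only "potential denial-of-service risks", but the surrounding context makes the exposure larger than that: the token has no expiration timestamp (line 136), the client only re-authenticates at startup (line 136), and secret rotation is recommended but explicitly not enforced (line 141), so a stolen token remains valid indefinitely unless the operator rotates the secret; the section should say how, if at all, a user or operator invalidates a specific leaked token. The wording change from "contact list" to "full contact list" at line 145 also implies that part of the contact list is recoverable with the token alone, which is metadata exposure rather than denial of service and is worth stating plainly given that line 139 justifies omitting the expiration timestamp on metadata grounds. Minor: line 141's "hyiegene" could be fixed in the same pass.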