[ANN] NameID - Use namecoin id/ to log into OpenID sites

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by khal »

The phpbb plugin may use an old version of this lib.

However, the following url uses the new one :
https://dot-bit.org/forum/openid2/examples/discover.php

I missed a step in adding the StartCom certificate into Debian (ln -s /etc/ssl/certs/StartCom_Class_1_Primary_Intermediate_Server.crt /etc/ssl/certs/ea59305e.0).

It's now better, but Alternative Names are still not recognized by wget (it seems to be a bug in wget < 1.13-1) :
wget -S -O /dev/null https://www.nameid.org/ => OK
wget -S -O /dev/null https://nameid.org/ => http://www.nameid.org != nameid.org

So, this is now working :
https://dot-bit.org/forum/openid2/examp ... eid.org%2F

And, with the phpBB plugin, it seems to work with AND without 'www', good :p
I'm now redirected to the nameid sign-in page.

Next : I'll test the challenge message with my id :p
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by khal »

From: https://nameid.org/?action=login&view=login
=> You are currently logged in as id/khal. Should we confirm your identity to the requesting page below?

After clicking "Yes" :
Create OpenID Account

You have been verified as OpeniD: https://nameid.org/?name=khal

Either your OpenID provider did not supply a valid Username and email, or the username was already taken. Please fill in these details to create your account.

Register:
...
Or you can bind this OpenID to an existing forum account.
...
My existing phpBB account should have been linked with my openId account (in the db I see this url associated with my account : https://nameid.org/?name=khal).


Next try :
- nameid.org already recognizes me (no need to sign the challenge again): You are currently logged in as id/khal. Should we confirm your identity to the requesting page below?
- I click on "Yes"
- I am logged as "khal" :)



Here are the URLs you can use to test the OpenID login:
Please, test and provide some feedback :)
If all is working as it should, I'll activate the feature.

snailbrain
Posts: 309
Joined: Tue Jul 19, 2011 9:33 pm

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by snailbrain »

Khal,

i have sent you 173 messages, but not one reply (maybe slight over exaggeration :D)

Did you review the new patch, and will you update the block explorer and repos (when you think it's ok)?

are you back now or still busy?

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by khal »


domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by domob »

khal, that is great! Thanks for working on it further, I'm looking forward to trying it out (when I'm at home where I have my names).
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by virtual_master »

Good news, Khal.
I see on the bottom 2 input fields:
Login Using OpenID
Login with your Provider user name
Login with your OpenID URL
and a list:
.icon http://{your-openid-url}
.icon https://www.google.com/accounts/o8/id
.icon http://yah-oo.com/
.icon http://openid.aol.com/username
.icon http://username.myopenid.com/
.icon http://flickr.com/
.icon http://username.wordpress.com
.icon http://username.blogspot.com/
.icon http://claimid.com/username
.icon http://username.myvidoop.com/
.icon http://username.pip.verisignlabs.com/
I guess these are the supported identity providers and .icon stands for some blocked buttons.
As I see, both login fields, if I insert https://nameid.org/?name=namecoinidentity, redirect to the namecoinidentity login.
http://namecoinia.org/
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

jprider63
Posts: 24
Joined: Mon Oct 21, 2013 7:18 am

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by jprider63 »

I can see a potential attack on this scheme when your login works for multiple sites (A, B). It would work as follows:

1. User (U) attempts to log into site A.
2. Malicious site A sends a login request to B as the user to receive a challenge (C).
3. A sends U the challenge C.
4. U signs C and sends A sign(k,C).
5. A sends B sign(k,C). Now A is authenticated as A on

Does the system protect against this? Also, do challenges time out?

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by biolizard89 »

jprider63 wrote:I can see a potential attack on this scheme when your login works for multiple sites (A, B). It would work as follows:

1. User (U) attempts to log into site A.
2. Malicious site A sends a login request to B as the user to receive a challenge (C).
3. A sends U the challenge C.
4. U signs C and sends A sign(k,C).
5. A sends B sign(k,C). Now A is authenticated as A on

Does the system protect against this? Also, do challenges time out?
Is your inquiry directed at the OpenID gateway, or the trust-free library?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

domob
Posts: 1129
Joined: Mon Jun 24, 2013 11:27 am
Contact:

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by domob »

jprider63 wrote:I can see a potential attack on this scheme when your login works for multiple sites (A, B). It would work as follows:

1. User (U) attempts to log into site A.
2. Malicious site A sends a login request to B as the user to receive a challenge (C).
3. A sends U the challenge C.
4. U signs C and sends A sign(k,C).
5. A sends B sign(k,C). Now A is authenticated as A on

Does the system protect against this? Also, do challenges time out?
Not sure I understand exactly what you have in mind (namely, OpenID gateway vs trust-free library as biolizard89 asked already), but I don't see a problem here. In the first case, there's no problem at all, because the login only works at the OpenID gateway anyway. So assume the latter case. For this, however, the challenges include the URI of the site the user wants to log in to (and the Mozilla add-on automatically inserts the actual URI, so a malicious site can't trick the add-on into signing challenges for other sites).

Challenges don't have an explicit time-stamp, but of course they time out when the server clears the session. Challenge nonces are stored as part of the session. I hope I could make myself clear about how the system works - if you still see a potential vulnerability, please let me know so I can think about a fix! (But I don't see one at the moment, although I'm no professional cryptographer.)

jprider63
Posts: 24
Joined: Mon Oct 21, 2013 7:18 am

Re: [ANN] NameID - Use namecoin id/ to log into OpenID sites

Post by jprider63 »

domob wrote:
jprider63 wrote:I can see a potential attack on this scheme when your login works for multiple sites (A, B). It would work as follows:

1. User (U) attempts to log into site A.
2. Malicious site A sends a login request to B as the user to receive a challenge (C).
3. A sends U the challenge C.
4. U signs C and sends A sign(k,C).
5. A sends B sign(k,C). Now A is authenticated as A on

Does the system protect against this? Also, do challenges time out?
Not sure I understand exactly what you have in mind (namely, OpenID gateway vs trust-free library as biolizard89 asked already), but I don't see a problem here. In the first case, there's no problem at all, because the login only works at the OpenID gateway anyway. So assume the latter case. For this, however, the challenges include the URI of the site the user wants to log in to (and the Mozilla add-on automatically inserts the actual URI, so a malicious site can't trick the add-on into signing challenges for other sites).

Challenges don't have an explicit time-stamp, but of course they time out when the server clears the session. Challenge nonces are stored as part of the session. I hope I could make myself clear about how the system works - if you still see a potential vulnerability, please let me know so I can think about a fix! (But I don't see one at the moment, although I'm no professional cryptographer.)
I suppose it would be easier to reason about if the protocol was written up and published. From what I can tell, U requests a log in to A. A returns C, which is composed of U's id and a nonce. U signs the challenge and returns it to A. A verifies the challenge and logs U in.

What is the trust-free library? A plug-in that allows many sites to use this protocol for authentication?

The attack I mentioned would work when a user can use this authentication protocol to log into multiple sites (ignore OpenID). Perhaps having the Mozilla add-on insert the actual URI could offer some protection, however it may still leave open social engineering attacks like phishing. Also, if the user is being man-in-the-middled, he could be tricked into signing a challenge for a different site.

A potential solution to this problem would be to include the website's public key in the challenge (or /d name so this could be recovered). Client side software (Mozilla add-on) should probably keep a list of known public keys (or /d names) like SSH does. The user can then verify a site's information and public key while logging into a site for the first time. The response could then be improved so that it is encrypted using the site's public key. Therefore the response is only good for that site since only that site can decrypt the challenge.
