Skip to content
This repository was archived by the owner on Aug 15, 2025. It is now read-only.

Commit 24706ab

Browse files
bitfl0werbitfl0wer
committed
rename and clarify section 4.2
1 parent fd4eeee commit 24706ab

File tree

1 file changed

+9
-7
lines changed
  • docs/Protocol Specifications

1 file changed

+9
-7
lines changed

docs/Protocol Specifications/core.md

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ weight: 0
4949
- [4.1 Authentication](#41-authentication)
5050
- [4.1.1 Authenticating on a foreign server](#411-authenticating-on-a-foreign-server)
5151
- [4.1.2 Sensitive actions](#412-sensitive-actions)
52-
- [4.2 Challenge strings and key trials](#42-challenge-strings-and-key-trials)
52+
- [4.2 Key trials](#42-key-trials)
5353
- [4.3 Protection against misuse by malicious home servers](#43-protection-against-misuse-by-malicious-home-servers)
5454
- [5. Federation IDs (FIDs)](#5-federation-ids-fids)
5555
- [6. Cryptography and ID-Certs](#6-cryptography-and-id-certs)
@@ -954,13 +954,15 @@ header value represents the second factor of authentication chosen.
954954
TOTP verification code. If the chosen second factor of authentication is a password, then the
955955
value of this header is to be that password.
956956

957-
### 4.2 Challenge strings and key trials
957+
### 4.2 Key trials
958958

959-
Servers use challenge strings to verify an actor's private identity key
960-
possession without revealing the private key itself. These strings, ranging from 32 to 256
961-
UTF-8 characters, have a UNIX timestamp lifetime. If the current timestamp surpasses this
959+
Servers use key trials to verify that an actor possesses the private key to their ID-Cert(s),
960+
without revealing the private key itself. These key trials contain a "trial string", ranging from 32
961+
to 256 UTF-8 characters, have a UNIX timestamp lifetime. If the current timestamp surpasses this
962962
lifetime, the challenge fails. The actor signs the string, sending the signature and their
963-
ID-Cert to the server, which then verifies the signature's authenticity.
963+
ID-Cert to the server, which then verifies the signature's authenticity. The trial string is to be
964+
sourced from a (pseudo-)random RNG with a high entropy value. Trial string uniqueness is a key factor
965+
in preventing replay attacks.
964966

965967
!!! warning
966968

@@ -1872,7 +1874,7 @@ actor aa as Alice Old (Redirection source)
18721874
participant sa as "Alice Old" Home Server
18731875
actor ab as Alice New (Redirection target)
18741876
1875-
Note over aa, ab: These steps may be done in any order<br/>and are not necessarily sequential
1877+
Note over aa, ab: These two steps may be done in any order<br/>and are not necessarily sequential
18761878
par Verifying redirect intent by passing key trial
18771879
aa->>sa: Request redirect to Alice New
18781880
sa-)sa: Confirm "Alice New"<br/>is valid actor by resolving FID

0 commit comments

Comments
 (0)