Slide 1

Slide 1 text

PERSONA + WEBRTC = <3 RYAN SEYS

Slide 2

Slide 2 text

WHAT IS PERSONA?

Slide 3

Slide 3 text

PERSONA

Slide 4

Slide 4 text

RYAN (THAT’S ME!) LOGIN.PERSONA.ORG EXAMPLE.COM

Slide 5

Slide 5 text

RYAN (THAT’S ME!) LOGIN.PERSONA.ORG EXAMPLE.COM YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 6

Slide 6 text

RYAN (THAT’S ME!) LOGIN.PERSONA.ORG EXAMPLE.COM LOL OK YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 7

Slide 7 text

RYAN (THAT’S ME!) LOGIN.PERSONA.ORG EXAMPLE.COM LOL OK HEY, PROVE YOU ARE [email protected] WHAT IS HIS FAVOURITE COLOUR? YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 8

Slide 8 text

RYAN (THAT’S ME!) HERE’S MY ANSWER FOR PROOF LOGIN.PERSONA.ORG EXAMPLE.COM LOL OK HEY, PROVE YOU ARE [email protected] WHAT IS HIS FAVOURITE COLOUR? ORANGE! YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 9

Slide 9 text

RYAN (THAT’S ME!) HERE’S MY ANSWER FOR PROOF LOGIN.PERSONA.ORG EXAMPLE.COM *ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE LOL OK HEY, PROVE YOU ARE [email protected] WHAT IS HIS FAVOURITE COLOUR? ORANGE! YO EXAMPLE.COM, HERE’S PROOF YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 10

Slide 10 text

RYAN (THAT’S ME!) HERE’S MY ANSWER FOR PROOF LOGIN.PERSONA.ORG EXAMPLE.COM *ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE LOL OK HEY, PROVE YOU ARE [email protected] WHAT IS HIS FAVOURITE COLOUR? ORANGE! YO EXAMPLE.COM, HERE’S PROOF ASSERTION = PROOF OF IDENTITY YO, PERSONA.ORG, CAN YOU VERIFY THIS GUY IS [email protected]

Slide 11

Slide 11 text

WHAT IS WEBRTC?

Slide 12

Slide 12 text

EXAMPLE.COM EXAMPLES: VIDYO, SKYPE, GOOGLE HANGOUTS, FACETIME TRADITIONAL VIDEO CALLS ALICE BOB

Slide 13

Slide 13 text

EXAMPLE.COM EXAMPLES: VIDYO, SKYPE, GOOGLE HANGOUTS, FACETIME TRADITIONAL VIDEO CALLS YOUR DATA ALICE BOB

Slide 14

Slide 14 text

EXAMPLE.COM EXAMPLES: VIDYO, SKYPE, GOOGLE HANGOUTS, FACETIME TRADITIONAL VIDEO CALLS YOUR DATA YOUR FRIEND’S DATA ALICE BOB

Slide 15

Slide 15 text

EXAMPLE.COM EXAMPLES: VIDYO, SKYPE, GOOGLE HANGOUTS, FACETIME TRADITIONAL VIDEO CALLS ALL THE DATA BELONG TO US! NSA YOUR DATA YOUR FRIEND’S DATA ??? :( ALICE BOB

Slide 16

Slide 16 text

The interwebz ALL YOUR VIDEO/ AUDIO DATA! (ARE BELONG TO YOU) WEBRTC IT IS DIFFERENT ALICE BOB

Slide 17

Slide 17 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM

Slide 18

Slide 18 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM CREATE_OFFER() ==> OFFER TO BOB

Slide 19

Slide 19 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = CREATE_OFFER() ==> OFFER TO BOB

Slide 20

Slide 20 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = CREATE_OFFER() ==> OFFER TO BOB

Slide 21

Slide 21 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB OFFER TO BOB OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = CREATE_OFFER() ==> OFFER TO BOB

Slide 22

Slide 22 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB OFFER TO BOB OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 23

Slide 23 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB OFFER TO BOB OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = TELLS ALICE HOW TO TALK TO BOB = ANSWER TO ALICE CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 24

Slide 24 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB OFFER TO BOB ANSWER TO ALICE OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = TELLS ALICE HOW TO TALK TO BOB = ANSWER TO ALICE CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 25

Slide 25 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB ANSWER TO ALICE OFFER TO BOB ANSWER TO ALICE OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = TELLS ALICE HOW TO TALK TO BOB = ANSWER TO ALICE CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 26

Slide 26 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB ANSWER TO ALICE OFFER TO BOB ANSWER TO ALICE OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = TELLS ALICE HOW TO TALK TO BOB = ANSWER TO ALICE + BOB & ALICE TALK DIRECTLY TO EACH OTHER = CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 27

Slide 27 text

MAKING A WEBRTC CALL BOB ALICE EXAMPLE.COM OFFER TO BOB ANSWER TO ALICE OFFER TO BOB ANSWER TO ALICE ALL VIDEO & AUDIO SUPER SECURE CHANNEL OFFER TO BOB TELLS BOB HOW TO TALK DIRECTLY TO ALICE = TELLS ALICE HOW TO TALK TO BOB = ANSWER TO ALICE + BOB & ALICE TALK DIRECTLY TO EACH OTHER = CREATE_OFFER() ==> OFFER TO BOB CREATE_ANSWER(OFFER) ==> ANSWER TO

Slide 28

Slide 28 text

EVIL-EXAMPLE.COM ALICE BOB WHAT’S WRONG WITH THAT?

Slide 29

Slide 29 text

EVIL-EXAMPLE.COM ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT!

Slide 30

Slide 30 text

EVIL-EXAMPLE.COM ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER()

Slide 31

Slide 31 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER()

Slide 32

Slide 32 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER()

Slide 33

Slide 33 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_OFFER()

Slide 34

Slide 34 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_OFFER() EVIL OFFER TO BOB

Slide 35

Slide 35 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB

Slide 36

Slide 36 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 37

Slide 37 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 38

Slide 38 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() CREATE_ANSWER(OFFER) CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 39

Slide 39 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() EVIL ANSWER TO ALICE CREATE_ANSWER(OFFER) CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 40

Slide 40 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() EVIL ANSWER TO ALICE CREATE_ANSWER(OFFER) ALL THE DATA ALL THE DATA CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 41

Slide 41 text

EVIL-EXAMPLE.COM OFFER TO BOB ALICE BOB WHAT’S WRONG WITH THAT? CREEPY CAROL! THAT’S WHAT! CREATE_OFFER() EVIL ANSWER TO ALICE CREATE_ANSWER(OFFER) ALL THE DATA ALL THE DATA NO DATA HERE!! :( CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) EVIL OFFER TO BOB ANSWER TO CAROL

Slide 42

Slide 42 text

OMG WHAT CAN WE DO!?!

Slide 43

Slide 43 text

ENTER PERSONA + WEBRTC! OMG WHAT CAN WE DO!?!

Slide 44

Slide 44 text

OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET ANSWER TO ALICE IPADDR: 321:654.87.09 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AL:SO:AW:SO:ME OFFERS & ANSWERS “HERE IS HOW YOU CAN TALK DIRECTLY TO ME”

Slide 45

Slide 45 text

OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET ANSWER TO ALICE IPADDR: 321:654.87.09 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AL:SO:AW:SO:ME FINGERPRINTS ARE UNIQUE TO THE USER THAT CREATED THE OFFER OR ANSWER UNIQUE! UNIQUE! OFFERS & ANSWERS “HERE IS HOW YOU CAN TALK DIRECTLY TO ME”

Slide 46

Slide 46 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET ASSERTION: PROOF OF IDENTITY

Slide 47

Slide 47 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET + ASSERTION: PROOF OF IDENTITY

Slide 48

Slide 48 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) *SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET + ASSERTION: PROOF OF IDENTITY

Slide 49

Slide 49 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) *SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET + ASSERTION: PROOF OF IDENTITY

Slide 50

Slide 50 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) *SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE NOT A REAL WEBSITE! BROWSER HAS TO MAKE IT OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET + ASSERTION: PROOF OF IDENTITY

Slide 51

Slide 51 text

*ASSERTION* EMAIL: [email protected] ORIGIN: EXAMPLE.COM CRYPTOSTUFF: SUPERCRYPTOSAUCE REMEMBER THIS? OFFER TO BOB ANSWER TO ALICE AND THESE BAD BOYS? + ( ) *SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE NOT A REAL WEBSITE! BROWSER HAS TO MAKE IT OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET *SUPER ASSERTION* TO ADD: + ASSERTION: PROOF OF IDENTITY *SUPER

Slide 52

Slide 52 text

WARNING: TECHNICAL SLIDE NEXT

Slide 53

Slide 53 text

PERSONA.ORG ALICE TECHNICAL MUMBO JUMBO

Slide 54

Slide 54 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB ALICE TECHNICAL MUMBO JUMBO

Slide 55

Slide 55 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE TECHNICAL MUMBO JUMBO

Slide 56

Slide 56 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX BROWSER HOSTS INVISIBLE SANDBOX TECHNICAL MUMBO JUMBO

Slide 57

Slide 57 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX TECHNICAL MUMBO JUMBO

Slide 58

Slide 58 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 59

Slide 59 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 60

Slide 60 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 61

Slide 61 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM IFRAME.SEND( ) TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 62

Slide 62 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM /COMMUNICATION_IFRAME IFRAME.SEND( ) TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 63

Slide 63 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM /COMMUNICATION_IFRAME IFRAME.SEND( ) ARE YOU SIGNED IN? TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 64

Slide 64 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM /COMMUNICATION_IFRAME IFRAME.SEND( ) ARE YOU SIGNED IN? YEP! WITH ALICE@EXAMPLE.COM TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 65

Slide 65 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM /COMMUNICATION_IFRAME IFRAME.SEND( ) ARE YOU SIGNED IN? YEP! WITH ALICE@EXAMPLE.COM *SUPER ASSERTION* FINGERPRINT: AW:ES:UM TECHNICAL MUMBO JUMBO

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 66

Slide 66 text

PERSONA.ORG CREATE_OFFER() ==> OFFER TO BOB FINGERPRINT: AW:ES:UM ALICE SANDBOX /.WELL-KNOWN/IDP-PROXY/BROWSERID SERVIN’ UP BROWSER HOSTS INVISIBLE SANDBOX IFRAME.DISPATCHEVENT( ) IFRAME.ADDEVENTLISTENER( ) SEND: RECEIVE: GET ASSERTION WITH: AUDIENCE: RTCWEB://... FINGERPRINT: AW:ES:UM /COMMUNICATION_IFRAME IFRAME.SEND( ) ARE YOU SIGNED IN? YEP! WITH ALICE@EXAMPLE.COM *SUPER ASSERTION* FINGERPRINT: AW:ES:UM TECHNICAL MUMBO JUMBO *SUPER ASSERTION* FINGERPRINT: AW:ES:UM

/.WELL-KNOWN/IDP-PROXY/BROWSERID

    addEventListener('rtcmessage', function(e) {
      var message = e.data;
      if (message.type === 'SIGN') {
        // SIGN: hand back a super assertion
        postMessage(getSuperAssertion());
      } else if (message.type === 'VERIFY') {
        // VERIFY: check a super assertion
        postMessage(verifySuperAssertion());
      }
    }, false);

Slide 67

Slide 67 text

WHAT?? ALICE PERSONA

Slide 68

Slide 68 text

WHAT?? ALICE PERSONA

Slide 69

Slide 69 text

WHAT?? YO, PERSONA! MAKE SUPER ASSERTION FOR: OFFER TO BOB ALICE PERSONA

Slide 70

Slide 70 text

WHAT?? LOL OK YO, PERSONA! MAKE SUPER ASSERTION FOR: OFFER TO BOB ALICE PERSONA

Slide 71

Slide 71 text

WHAT?? LOL OK YO, PERSONA! MAKE SUPER ASSERTION FOR: OFFER TO BOB ALICE HERE YA GO *SUPER ASSERTION* PERSONA

Slide 72

Slide 72 text

WHAT?? LOL OK YO, PERSONA! MAKE SUPER ASSERTION FOR: OFFER TO BOB ALICE HERE YA GO *SUPER ASSERTION* PERSONA CREEPY CAROL CAN’T DO THIS BECAUSE SHE ISN’T LOGGED IN AS ALICE

Slide 73

Slide 73 text

WHAT?? LOL OK YO, PERSONA! MAKE SUPER ASSERTION FOR: OFFER TO BOB ALICE HERE YA GO *SUPER ASSERTION* PERSONA CREEPY CAROL CAN’T DO THIS BECAUSE SHE ISN’T LOGGED IN AS ALICE WEBSITES CAN’T DO THIS BECAUSE THEY CANNOT SOURCE THE IFRAME DUE TO SAME-ORIGIN POLICY

Slide 74

Slide 74 text

*SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE SO WE HAVE ONE OF THESE GUYS... OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET ...AND ONE OF THESE

Slide 75

Slide 75 text

*SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE SO WE HAVE ONE OF THESE GUYS... OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET NOW WHAT? ...AND ONE OF THESE

Slide 76

Slide 76 text

*SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE SO WE HAVE ONE OF THESE GUYS... OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET *SUPER ASSERTION* PUT IT IN THE OFFER!! NOW WHAT? ...AND ONE OF THESE IDENTITY:

Slide 77

Slide 77 text

*SUPER ASSERTION* FINGERPRINT: AW:SO:ME:SE:CR:ET EMAIL: [email protected] ORIGIN: RTCWEB://PEERCONNECTION AUDIENCE: EXAMPLE.COM CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE SO WE HAVE ONE OF THESE GUYS... OFFER TO BOB IPADDR: 123.456.78.90 CODEC: BLAHNOTIMPORTANT FINGERPRINT: AW:SO:ME:SE:CR:ET *SUPER ASSERTION* PUT IT IN THE OFFER!! NOW WHAT? ...AND ONE OF THESE IDENTITY: *SUPER OFFER TO BOB!* *SUPER ANSWER TO ALICE!* ...AND BOB CAN MAKE SUPER ANSWERS TOO

Slide 78

Slide 78 text

BOB ALICE EXAMPLE.COM PERSONA.ORG

Slide 79

Slide 79 text

BOB ALICE EXAMPLE.COM PERSONA.ORG CREATE_OFFER() ==> *SUPER* OFFER TO BOB

Slide 80

Slide 80 text

BOB ALICE EXAMPLE.COM PERSONA.ORG *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB

Slide 81

Slide 81 text

BOB ALICE EXAMPLE.COM PERSONA.ORG *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB

Slide 82

Slide 82 text

BOB ALICE EXAMPLE.COM PERSONA.ORG *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 83

Slide 83 text

BOB ALICE EXAMPLE.COM PERSONA.ORG *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 84

Slide 84 text

BOB ALICE EXAMPLE.COM PERSONA.ORG *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 85

Slide 85 text

BOB ALICE EXAMPLE.COM PERSONA.ORG VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 86

Slide 86 text

BOB ALICE EXAMPLE.COM PERSONA.ORG VERIFY PLZ VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB CREATE_OFFER() ==> *SUPER* OFFER TO BOB CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 87

Slide 87 text

BOB ALICE EXAMPLE.COM PERSONA.ORG VERIFY PLZ VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB VERIFIED: [email protected] CREATE_OFFER() ==> *SUPER* OFFER TO BOB VERIFIED: [email protected] CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE

Slide 88

Slide 88 text

BOB ALICE EXAMPLE.COM PERSONA.ORG VERIFY PLZ VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB VERIFIED: [email protected] VERIFIED: [email protected] CREATE_OFFER() ==> *SUPER* OFFER TO BOB VERIFIED: [email protected] CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE VERIFIED: [email protected]

Slide 89

Slide 89 text

BOB ALICE EXAMPLE.COM PERSONA.ORG VERIFY PLZ VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB VERIFIED: [email protected] VERIFIED: [email protected] SUPER POPUP! CREATE_OFFER() ==> *SUPER* OFFER TO BOB VERIFIED: [email protected] CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE VERIFIED: [email protected]

Slide 90

Slide 90 text

BOB ALICE EXAMPLE.COM ALL VIDEO & AUDIO SUPER SECURE CHANNEL PERSONA.ORG VERIFY PLZ VERIFY PLZ *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* ANSWER TO ALICE *SUPER* OFFER TO BOB *SUPER* OFFER TO BOB VERIFIED: [email protected] VERIFIED: [email protected] SUPER POPUP! CREATE_OFFER() ==> *SUPER* OFFER TO BOB VERIFIED: [email protected] CREATE_ANSWER(OFFER) ==> *SUPER* ANSWER TO ALICE VERIFIED: [email protected]

Slide 91

Slide 91 text

EVIL-EXAMPLE.COM ALICE BOB CREEPY CAROL PERSONA.ORG PERSONA.ORG CREATE_OFFER()

Slide 92

Slide 92 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB ALICE BOB CREEPY CAROL PERSONA.ORG PERSONA.ORG CREATE_OFFER()

Slide 93

Slide 93 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB ALICE BOB CREEPY CAROL PERSONA.ORG PERSONA.ORG CREATE_OFFER()

Slide 94

Slide 94 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB ALICE BOB CREATE_OFFER() EVIL OFFER TO BOB CREEPY CAROL PERSONA.ORG PERSONA.ORG CREATE_OFFER()

Slide 95

Slide 95 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB ALICE BOB CREATE_OFFER() EVIL OFFER TO BOB CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG CREATE_OFFER()

Slide 96

Slide 96 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB ALICE BOB CREATE_OFFER() EVIL OFFER TO BOB CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 97

Slide 97 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL OFFER TO BOB CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 98

Slide 98 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL OFFER TO BOB CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 99

Slide 99 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL ANSWER TO ALICE EVIL OFFER TO BOB CREATE_ANSWER(OFFER) CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 100

Slide 100 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL ANSWER TO ALICE EVIL OFFER TO BOB CREATE_ANSWER(OFFER) CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB PERSONA.ORG VERIFY PLZ EVIL ANSWER TO ALICE CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 101

Slide 101 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL ANSWER TO ALICE EVIL OFFER TO BOB CREATE_ANSWER(OFFER) CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB VERIFICATION FAILED! PERSONA.ORG VERIFY PLZ VERIFICATION FAILED! EVIL ANSWER TO ALICE CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER)

Slide 102

Slide 102 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL ANSWER TO ALICE EVIL OFFER TO BOB CREATE_ANSWER(OFFER) CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB VERIFICATION FAILED! PERSONA.ORG VERIFY PLZ VERIFICATION FAILED! EVIL ANSWER TO ALICE CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) WARNING: NOT VERIFIED!!! WARNING: NOT VERIFIED!!!

Slide 103

Slide 103 text

EVIL-EXAMPLE.COM *SUPER* OFFER TO BOB *SUPER* ANSWER TO ALICE ALICE BOB CREATE_OFFER() EVIL ANSWER TO ALICE EVIL OFFER TO BOB CREATE_ANSWER(OFFER) NO DATA HERE!! :( CREEPY CAROL PERSONA.ORG VERIFY PLZ EVIL OFFER TO BOB VERIFICATION FAILED! PERSONA.ORG VERIFY PLZ VERIFICATION FAILED! EVIL ANSWER TO ALICE CREATE_OFFER() CREATE_ANSWER(EVIL_OFFER) WARNING: NOT VERIFIED!!! WARNING: NOT VERIFIED!!!
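
The check that slides 91 to 103 walk through, as an added example (not code from the talk, Persona or any browser): the identity provider signs the fingerprint together with the e-mail address, and the receiver accepts an offer only if the signature verifies and the signed fingerprint is the one in the offer. The Ed25519 key pair, the JSON assertion layout, the helper names, the sample address and the fingerprint values are assumptions constructed for this example.

```javascript
// Added example: checking a fingerprint-bound identity assertion ("super assertion").
const nodeCrypto = require('crypto');

// Stand-in for the identity provider's signing key, generated for this demo.
const idpKeys = nodeCrypto.generateKeyPairSync('ed25519');

// Constructed sample fingerprints (real ones are hashes of each peer's DTLS certificate).
const ALICE_FP = 'A1:1C:E0:00:11:22:33:44';
const CAROL_FP = 'CA:40:10:00:99:88:77:66';

const normalise = (fp) => String(fp || '').trim().toUpperCase();

// SIGN: the IdP signs the e-mail and the fingerprint together for a logged-in user.
function signSuperAssertion(email, fingerprint, privateKey) {
  const payload = JSON.stringify({ email, fingerprint: normalise(fingerprint) });
  const sig = nodeCrypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  return Buffer.from(JSON.stringify({ payload, sig })).toString('base64');
}

// Minimal SDP-like offer: a fingerprint line plus an optional identity line.
function buildOffer(fingerprint, assertion) {
  const lines = ['v=0', `a=fingerprint:sha-256 ${fingerprint}`];
  if (assertion) lines.push(`a=identity:${assertion}`);
  return lines.join('\r\n') + '\r\n';
}

// Return the value of the first "a=<name>:" line, or null if there is none.
function attr(sdp, name) {
  const prefix = `a=${name}:`;
  const line = sdp.split(/\r?\n/).find((l) => l.startsWith(prefix));
  return line ? line.slice(prefix.length) : null;
}

// VERIFY: run on the receiving side before trusting who the offer came from.
function verifyOffer(sdp, idpPublicKey) {
  const offered = normalise((attr(sdp, 'fingerprint') || '').split(' ')[1]);
  const identity = attr(sdp, 'identity');
  if (!offered) return { verified: false, reason: 'no fingerprint' };
  if (!identity) return { verified: false, reason: 'no identity assertion' };
  let claims;
  try {
    const { payload, sig } = JSON.parse(Buffer.from(identity, 'base64').toString('utf8'));
    const ok = nodeCrypto.verify(null, Buffer.from(payload), idpPublicKey,
      Buffer.from(sig, 'base64'));
    if (!ok) return { verified: false, reason: 'bad signature' };
    claims = JSON.parse(payload);
  } catch (err) {
    return { verified: false, reason: 'malformed assertion' };
  }
  // The step that defeats the swap: the signed fingerprint must be the offer's fingerprint.
  if (normalise(claims.fingerprint) !== offered) {
    return { verified: false, reason: 'fingerprint mismatch' };
  }
  return { verified: true, email: claims.email };
}

// Alice's genuine offer, then three ways a relaying site could alter it.
function demo() {
  const assertion = signSuperAssertion('alice@example.com', ALICE_FP, idpKeys.privateKey);
  const carolKeys = nodeCrypto.generateKeyPairSync('ed25519');
  const forgedAssertion = signSuperAssertion('alice@example.com', CAROL_FP, carolKeys.privateKey);
  return {
    genuine: verifyOffer(buildOffer(ALICE_FP, assertion), idpKeys.publicKey),
    swapped: verifyOffer(buildOffer(CAROL_FP, assertion), idpKeys.publicKey),
    stripped: verifyOffer(buildOffer(CAROL_FP, null), idpKeys.publicKey),
    forged: verifyOffer(buildOffer(CAROL_FP, forgedAssertion), idpKeys.publicKey),
  };
}

console.log(demo());
```
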

Slide 104

Slide 104 text

I NEED THIS RIGHT NOW! TIN CAN + TIN CAN AUTH ADD-ON

Slide 105

Slide 105 text

NOTES:
NO HTTPS YET... FAIL!
WEBRTC.PERSONATEST.ORG NOT LOGIN.PERSONA.ORG
NEED TIN CAN AUTH ADD-ON INSTALLED TO GET SUPER OFFERS/ANSWERS OR BUILD PATCHES 884573 & 878941
TINCAN: HTTP://TINCAN.IM
TIN-CAN-AUTH ADDON: https://addons.mozilla.org/en-US/firefox/addon/tin-can-auth/

Slide 106

Slide 106 text

QUESTIONS? EMAIL: [email protected]