Authenticating WebRTC with Mozilla Persona. I presented this talk as an overview of work I completed during my internship at Mozilla in the summer of 2013.
Persona assertions (how proving "I am [email protected]" works today):

  example.com: "Hey, prove you are [email protected]"
  persona.org: "What is his favourite colour?"
  user:        "Orange!"
  user:        "Yo example.com, here's proof"
  example.com: "Yo persona.org, can you verify this guy is [email protected]?"
  persona.org: "LOL OK"

  *ASSERTION*
    EMAIL:       [email protected]
    ORIGIN:      EXAMPLE.COM
    CRYPTOSTUFF: SUPERCRYPTOSAUCE

  Assertion = proof of identity.

WebRTC offers and answers:

  createOffer()        ==> offer to Bob
  createAnswer(offer)  ==> answer to Alice

  Offer to Bob    = tells Bob how to talk directly to Alice
  Answer to Alice = tells Alice how to talk to Bob
  Offer + answer  = Bob and Alice talk directly to each other: all video and audio over a super secure channel.

What could go wrong? Creepy Carol, that's what!

  Carol sits between Alice and Bob and swaps in her own offer and answer:
    Alice: createOffer()            ==> offer, intercepted by Carol
    Carol: createAnswer(offer)      ==> evil answer to Alice
    Carol: createOffer()            ==> evil offer to Bob
    Bob:   createAnswer(evil_offer) ==> answer to Carol

  Alice and Bob each end up talking to Carol. Carol sees all the data; between Alice and Bob there is "No data here!! :(".

Offers and answers say "here is how you can talk directly to me":

  OFFER TO BOB                        ANSWER TO ALICE
    IPADDR:      123.456.78.90          IPADDR:      321:654.87.09
    CODEC:       BLAHNOTIMPORTANT       CODEC:       BLAHNOTIMPORTANT
    FINGERPRINT: AW:SO:ME:SE:CR:ET      FINGERPRINT: AL:SO:AW:SO:ME

  Fingerprints are unique to the user that created the offer or answer. Unique!

And these bad boys? Offer to Bob + assertion (proof of identity) = *SUPER ASSERTION*:

  *SUPER ASSERTION*
    FINGERPRINT: AW:SO:ME:SE:CR:ET
    EMAIL:       [email protected]
    ORIGIN:      RTCWEB://PEERCONNECTION   (not a real website! The browser has to make it.)
    AUDIENCE:    EXAMPLE.COM
    CRYPTOSTUFF: NEWSUPERCRYPTOSAUCE

  To add a *super assertion*, Alice asks Persona, and Persona says "here ya go".
    - Creepy Carol can't do this, because she isn't logged in as Alice.
    - Websites can't do this, because they cannot source the iframe due to the same-origin policy.

So we have one of these guys (a *super assertion*)... and one of these (an offer to Bob). Now what? Put it in the offer!!

  *SUPER* OFFER TO BOB
    IPADDR:      123.456.78.90
    CODEC:       BLAHNOTIMPORTANT
    FINGERPRINT: AW:SO:ME:SE:CR:ET
    IDENTITY:    *SUPER ASSERTION*

  ...and Bob can make super answers too: *SUPER* ANSWER TO ALICE!

The super flow:

  createOffer()        ==> *super* offer to Bob
  createAnswer(offer)  ==> *super* answer to Alice

  Bob's browser asks persona.org "verify plz" for the super offer and gets VERIFIED: [email protected].
  Alice's browser asks persona.org "verify plz" for the super answer and gets VERIFIED: [email protected].
  Each side shows the verified identity in a super popup!

Creepy Carol again:

    Carol: createAnswer(offer)      ==> evil answer to Alice
    Carol: createOffer()            ==> evil offer to Bob
    Bob:   createAnswer(evil_offer)

  Bob asks persona.org to verify the evil offer: VERIFICATION FAILED!
  Alice asks persona.org to verify the evil answer: VERIFICATION FAILED!
  Both sides see WARNING: NOT VERIFIED!!!, and Carol gets "No data here!! :(".
Tin-Can-Auth add-on: install it to get super offers/answers, or build patches 884573 & 878941.
  TinCan: http://tincan.im
  Add-on: https://addons.mozilla.org/en-US/firefox/addon/tin-can-auth/