|
|
|
|
|
|
by Zamicol
1135 days ago
|
|
|
A simple proof of possession (pop), signed ahead of time, solves #3. The message:
`{"pay":{"alg":"ES256","msg":"I own this key","tmb":"9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk"},"sig":"eXuV0_HYCM-WnS2CbOnGXdce-9M8AzivCw23Hihtp1h69Ix6HwWCA79FR6cs3Nym2bWJoKajtnIY0xcTnuRnNQ"}` The public key:
`{"alg":"ES256","kid":"Zami Mobile 2","x":"PZpmb3CI_2LTWcxopqjliqohPpmxFmNwKLb52wJgMg-4Xd0hTRKn7OruUMa3LvHmuTA9pHidocLHnEdOcQ04OA","tmb":"9PcBWntvjAktwfiPp8WxgOyQOwc1h6Lo1UnB_gkWXKk"}` |
|
|
A scheme could definitely be devised to add authenticator "stubs", but I don't think it's possible right now.
Unless you're saying the above is already available in the spec.