On Wednesday, 6 January 2016 16:08:34 UTC, Michiel de Jong wrote: > This paper came up on the b2g-internal list today and gives a good overview: > http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/papers/EricRescorla.pdf > - cross-posting here for reference. > > > > On Wed, Dec 23, 2015 at 2:31 PM, Michiel de Jong <[email protected]> wrote: > > > Connecting from a web browser to a web site is just a special case of using > "Device A", to connect to "Device B". Looking at the generic case where > Device A and Device B can both be anyThing ;) brings up a few interesting > questions: > > 1) How can a certificate authority vouch for the identity of Device B, if it > does not have a URL? Unless we replace CA's with Web-of-Trust, this might be > something to think about as more devices come into play that have no URL. > > > 2) The user might have Device B in their eye sight. Does that help? > > If Device B can be many more things than just a web server in a data center, > then you may be able to connect to it with more accuracy. For instance, by > sticking a USB cable in it, touching it with your NFC reader, or pointing a > camera at it. > > > 3) How can you accurately connect to a device if you have no URL, and also no > physical proximity? > > > I'm not talking about how to protect Device B from unauthorized access (WPS > buttons on WiFi routers etc.). What interests me is how you as a user can > accurately identify the device you are connecting *to*. > > Curious if anyone has more thoughts on this! :) > > > > Cheers, > > Michiel.
Very rough ideas however thought it was worth writing down... Without public internet on both devices this becomes certainly very difficult. For device discovery the likes of web beacons could be a good implementation: https://dev.opera.com/articles/release-the-beacons/ This would allow the TV to announce itself to all visitors of the house etc whenever they are in range. This could be treated as completely insecure and would require the user to opt-in to connecting to the device without exposing the user directly. This insecure channel could guide the user to where the device might be or just make them aware that pairing is possible etc. In a truly connected home using this along with the ultrasonic info to gauge proximity could help users discover sensors around the home without the need for visual queues on displays etc. To pair the devices in a secure mode the user would need to doubly opt in on their phone by using something close range like NFC whilst they do some form of button click/gesture on the beacon notification/app. This type of double opt in using two channels then will be hard to spoof especially as it required a approval from the user. The local NFC communication then delivers the information for setting up a secure WebRTC connection. _______________________________________________ dev-fxos mailing list [email protected] https://lists.mozilla.org/listinfo/dev-fxos
