Authentication by agreement
摘要
The strong authentication property agreement, where honest agents agree on the content of all message exchanged, is introduced formally. Differences between injective and non-injective agreement are explained via a series of minimal examples. Expressing agreement using tools is also demonstrated. Differences in threat models due to public keys and symmetric keys are touched on. A large multiparty case study mixing public keys and symmetric keys based on OpenID Connect is covered in detail. Exercises lean towards the discovery of attacks and the evaluation of patches guided by secrecy and multiparty agreement properties.