Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regenerate ephemeral key for appointment booking when canceling and re-booking (?) #39

Open
adewes opened this issue Dec 3, 2021 · 0 comments
Open

Regenerate ephemeral key for appointment booking when canceling and re-booking (?) #39

adewes opened this issue Dec 3, 2021 · 0 comments
Labels
crypto Cryptography-related tasks discuss Issue for discussion, do not implement yet!

Comments

@adewes
Copy link
Member

adewes commented Dec 3, 2021

Currently the user app generates an ECDH key that it uses to encrypt data sent to the provider with an appointment booking. Currently this key is static in the sense that it won't change even if the user cancels the appointment and books another one. To increase forward secrecy we should generate a new key when sending data to a different provider.
@adewes adewes added the crypto Cryptography-related tasks label Dec 3, 2021
@adewes adewes changed the title Regenerate ephemeral key for appointment booking when canceling and re-booking Regenerate ephemeral key for appointment booking when canceling and re-booking (?) Dec 3, 2021
@adewes adewes added the discuss Issue for discussion, do not implement yet! label Dec 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Cryptography-related tasks discuss Issue for discussion, do not implement yet!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adewes