commit 081e32e7307461a104e09d7928fef7255252db20
parent 28a41053f989450d6c7ec6204e5e044590e1c139
Author: Michael Seifert <michael@corleone.com>
Date: Sun, 2 Nov 2025 13:26:50 +0100
Creating a clearer introduction based on feedback
Diffstat:
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/youauth.texi b/youauth.texi
@@ -23,7 +23,14 @@ In the GNU tradition of crafting documentation that liberates protocols through
@node Abstract
@section Abstract
-YouAuth is a decentralized, peer-to-peer authentication and authorization protocol that empowers users with self-sovereign domain-based identities, eliminating reliance on centralized providers. By leveraging standard DNS/HTTPS resolution for ubiquity and optionally integrating with the GNU Name System (GNS) for enhanced privacy, YouAuth enables secure, consensual data sharing with granular permissions. Cryptographic primitives including ECDH over P-384, HKDF-SHA256, AES-CBC (with recommendations for AES-GCM), and EdDSA ensure end-to-end security without intermediaries. Designed for compatibility with existing web technologies, YouAuth addresses privacy concerns, tracking, and loss of control in traditional systems, fostering a user-centric internet. This specification outlines normative flows, extensions, and considerations for interoperable implementations.
+YouAuth is a lightweight decentralized, peer-to-peer authentication and authorization protocol that empowers users with self-sovereign domain-based identities. By leveraging standard DNS/HTTPS for resolution and optionally the GNU Name System (GNS) for enhanced privacy, YouAuth establishes a secure foundation for subsequent data sharing by enabling peers to mutually generate a token pair and a shared secret for end-to-end encryption (layered over HTTPS), using cryptographic primitives such as Elliptic Curve Diffie-Hellman (ECDH) over P-384 for key exchange, HKDF-SHA256 for key derivation, and AES-CBC/GCM for encryption - ensuring P2P E2E security without intermediaries.
+
+While similar decentralization could be achieved by operating their own OpenID Connect (OIDC) servers, often referred to as Bring Your Own OIDC (BYO-OIDC), YouAuth offers a more streamlined, purpose-built protocol that natively incorporates end-to-end peer-to-peer encryption, avoiding OIDC's extensive specification ecosystem and the need for custom extensions to achieve comparable security and privacy. In terms of security, YouAuth's use of HKDF(ECDH(priv_self, pub_other), salt) provides equivalence to OIDC's PKCE (Proof Key for Code Exchange) in mitigating interception and replay attacks through short-lived values and secure transport, but delivers higher security for the final secret (e.g., the Client Access Token and shared secret) by layering application-level encryption on top of HTTPS, protecting against potential decryption at intermediaries like corporate firewalls or browser extensions where TLS alone might be vulnerable.
+
+This specification outlines normative flows, extensions, and considerations for interoperable implementations.
+
+
+
@node Status of This Memo
@section Status of This Memo
