| Line 430: | Line 430: | ||
9831a8ba250400cd | 9831a8ba250400cd | ||
d4bfc7c8a6fb3ef8 | d4bfc7c8a6fb3ef8 | ||
Clients might use resetAccount for two reasons: | |||
* 1: Changing their password (i.e. they know the old one). In this case, the resetToken is acquired from getToken("reset"), and they know both kA and kB. | |||
* 2: resetting an account (i.e. they forgot the old password). Here, resetToken was acquired by proving control over the account email address (through a mechanism not described in this protocol). The client does not know kA or kB. | |||
After using resetAccount, clients should immediately perform the getToken(sign) protocol. If the old password was forgotten, this is necessary to fetch kA. In either case, a new signToken is required, since old signTokens are revoked by resetAccount. Clients should retain the srpPassword value during this process to avoid needing to run the lengthy key-stretching routine a second time. | |||
= Creating the Account = | = Creating the Account = | ||
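Review bot: The resetAccount guidance just before the "= Creating the Account =" heading appears only in the left-hand column, with nothing beside it. If this edit drops it, the client-side requirements it states go with it: that old signTokens are revoked by resetAccount, that getToken(sign) must be run immediately afterwards (and is the only way to fetch kA when the old password was forgotten), and that srpPassword should be retained to avoid a second key-stretching pass. Those should be carried over to wherever resetAccount is now described, or the edit summary should say where they moved. If the text stays, two small points: the token type is written getToken("reset") in item 1 but getToken(sign) in the closing paragraph, so pick one quoting style; and item 2 starts lowercase ("resetting") while item 1 is capitalized. Item 2 also leaves the email-control proof to "a mechanism not described in this protocol", so a pointer to where that mechanism is specified would help readers judge how resetToken is bound to the account.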