Labs/Weave/Sync Client Security Review: Difference between revisions

Line 113: Line 113:
* '''Action:''' We need to have exponential backoff for authentication failures.
* '''Action:''' We need to have exponential backoff for authentication failures.
* '''Action:''' When downloading keys from the server, the client should generate the public key from the private instead of using what it just got.
* '''Action:''' When downloading keys from the server, the client should generate the public key from the private instead of using what it just got.
* '''Action:''' NIST is encouraging people get away from 2k keys by the end of 2010.
* '''Action:''' NIST is encouraging people get away from 2k keys by the end of 2010. -- Not an issue.
* Think of ways we can detect a hijack (someone could write a malicious add-on that starts directing users to their servers).
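Review bot: the "-- Not an issue." appended to the NIST key-size item records a decision without its reasoning, and the item still carries the '''Action:''' label. Suggest stating briefly why the guidance is not a concern here, and either dropping the label or striking the item so it is not read as open work alongside the backoff and key-regeneration actions.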