Identity/AttachedServices/KeyServerProtocol: Difference between revisions

Jump to navigation Jump to search

Identity/AttachedServices/KeyServerProtocol (view source)

Revision as of 03:33, 8 November 2013

283 bytes removed ,  8 November 2013
Remove notion of a "createToken" which we don't intend to implement
(→‎Test Vectors: update to use keyRequestKey in account/keys)
(Remove notion of a "createToken" which we don't intend to implement)
Line 26: Line 26:
* create srpVerifier from srpPW and srpSalt (as described below)
* create srpVerifier from srpPW and srpSalt (as described below)
* deliver (email, stretchParams, mainSalt, srpParams, srpSalt) to the keyserver's "POST /account/create" API
* deliver (email, stretchParams, mainSalt, srpParams, srpSalt) to the keyserver's "POST /account/create" API
To limit abuse, the createAccount() should also require a fresh "createToken". This should be created by some other API, outside the scope of this document, that perhaps requires a CAPTCHA or something. createAccount() might also require a proof-of-work token, as described below.


The server, when creating a new account, creates both kA and wrap(kB) as randomly-generated 256-bit (32-byte) strings. It stores these, along with all the remaining values, indexed by email, in the account table where they can be retrieved by getToken later.
The server, when creating a new account, creates both kA and wrap(kB) as randomly-generated 256-bit (32-byte) strings. It stores these, along with all the remaining values, indexed by email, in the account table where they can be retrieved by getToken later.
Rfkelly
Confirmed users
358

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/755255"

Navigation menu