Home/Features/crypto/proxy: Difference between revisions

 
(3 intermediate revisions by 2 users not shown)
Line 9: Line 9:
== Key assumption ==
== Key assumption ==


That the question "shall Mozilla ever store decrypted data, or unencrypted keys, from any Sync users on its servers?" has been answered in the affirmative, and the corresponding legal and infrasec aspects have been considered.
That the question "shall Mozilla ever store decrypted data, or unencrypted keys, from any Sync users on its servers?" has been answered in the affirmative, and the <strike> corresponding legal and infrasec aspects have been considered. </strike>


In short: there's no point building this if it's counter to Mozilla's core goals for Sync.
In short: there's no point building this if it's counter to Mozilla's core goals for Sync.


'''Fair Point - But understand that this will be completely opt-in. We will not default this and we will of course explain very well to the user what it means to flip that 'Enable Web Access' checkbox.'''
'''Fair Point - But understand that this will be completely opt-in. We will not default this and we will of course explain very well to the user what it means to flip that 'Enable Web Access' checkbox.'''
'''<clyon> To be clear, Infrasec has not signed off on the design / implementation for Crypto Proxy'''


== Problems the Sync Proxy tries to solve ==
== Problems the Sync Proxy tries to solve ==
==== Transparent decryption of sync data ====
The Crypto Proxy will expose the same API as the Sync Service. The differences are:
* The Crypto Proxy will not work with Basic Auth but instead with Username/Access Token pairs
* The Crypto Proxy will not return encrypted data but instead returns plain text data
The Crypto Proxy is able to decrypt the data because it has a table that contains usernames and decryption keys for a subset of the sync data.


==== Sharing of Credentials ====
==== Sharing of Credentials ====
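Review bot: In the Key assumption paragraph the <strike> opens after "and the", so the revised sentence ends on a dangling "and the". Extend the strike to cover those two words, or reword the clause to say that infrasec sign-off is still outstanding, which is what the added <clyon> line states. The new "Transparent decryption of sync data" section also says the Crypto Proxy has a table of usernames and decryption keys, but not how that table is protected or who can read it. Since the Key assumption is about storing keys on Mozilla's servers, add a sentence or a link covering that.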
Line 69: Line 80:
* Firefox Sync POSTs the Access Token to Firefox Home (using Basic Auth over HTTPS)
* Firefox Sync POSTs the Access Token to Firefox Home (using Basic Auth over HTTPS)
* Firefox Home validates the credentials and then stores the usernme/AccessToken
* Firefox Home validates the credentials and then stores the usernme/AccessToken
See also [[File:CryptoProxyFlow.pdf]]


Firefox Home now has all info it needs to tlak to the Crypto Proxy and run it's internal Sync Client.
Firefox Home now has all info it needs to tlak to the Crypto Proxy and run it's internal Sync Client.
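Review bot: The unchanged lines around the added "See also [[File:CryptoProxyFlow.pdf]]" still carry typos that could be fixed in the same edit: "usernme/AccessToken" should be "username/AccessToken", "tlak" should be "talk", and "it's internal Sync Client" should be "its internal Sync Client".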