Services/Sync/WEP/115: Difference between revisions

Add automated testing key for CAPTCHA
(Created page with '= WEP 115 Mongolian Crypto Scheme for Firefox Sync = * Champions: Zandr Milewski <zandr at mozilla dot com> * Status: Draft * Created: 13 Jun 2010 * [[Labs/Weave/WEPs|WEP Index…')
 
Line 39: Line 39:
To limit account creation to humans, the client will sent a creation request to a Ticket Server. The request contains the verifying key of the new user. The Ticket Server will will sign the request in exchange for a successful CAPTCHA, thus validating the humanity of the user.
To limit account creation to humans, the client will sent a creation request to a Ticket Server. The request contains the verifying key of the new user. The Ticket Server will will sign the request in exchange for a successful CAPTCHA, thus validating the humanity of the user.
The client then presents this signed ticket to a storage server, which creates the storage pool under that user ID. As the creation request is idempotent, there is no requirement for a one-time nonce.
The client then presents this signed ticket to a storage server, which creates the storage pool under that user ID. As the creation request is idempotent, there is no requirement for a one-time nonce.
Automated testers could sign account requests with a separate key which could be enabled on the web servers.
=== Encryption Key ===
=== Encryption Key ===
Each client also generates a symmetric key for data encryption. Using a hash of the signing key, with a different tag, allows us to use a single 256-bit secret for the entire account. This means that adding a new client requires only this secret to completely configure the client.
Each client also generates a symmetric key for data encryption. Using a hash of the signing key, with a different tag, allows us to use a single 256-bit secret for the entire account. This means that adding a new client requires only this secret to completely configure the client.
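Review bot: The added sentence "Automated testers could sign account requests with a separate key which could be enabled on the web servers" introduces a way around the CAPTCHA without stating its constraints. In the surrounding text the Ticket Server signs the request and the storage server accepts the signed ticket, so "the web servers" is ambiguous; name the server that holds the list of accepted signing keys. Anyone holding the testing key can obtain accounts without solving a CAPTCHA, so the text should say that this key is distinct from the Ticket Server's own signing key, that it is disabled by default, and where it may be enabled (for example test deployments only), or else how it is protected and revoked if production servers are meant to accept it. The double "could" also reads as a suggestion rather than a design decision; either state the conditions under which the key is accepted or mark the sentence as an open question in the draft.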