Confirmed users
471
edits
Identity/CryptoIdeas/02-Recoverable-Keywrapping: Difference between revisions
Identity/CryptoIdeas/02-Recoverable-Keywrapping (view source)
Revision as of 00:25, 28 September 2012
, 28 September 2012add Discussion section, some ideas
(add Discussion section, some ideas) |
|||
| Line 169: | Line 169: | ||
be able to take over the account, but that won't help them learn the SUK or | be able to take over the account, but that won't help them learn the SUK or | ||
the user's password). | the user's password). | ||
== Discussion == | |||
* Francois and I talked a bit about data migration: if a site moves to a new domain name, is it possible to bring the user's data along? I think it'd require an explicit authorization from the user on the old site, naming the new site, which doesn't sound very nice. Maybe some sort of .well-known on the old domain, to authorize new domains that should be allowed to get the same key? Tricky stuff. -warner 27-Sep-2012 | |||
* I'd really like to have an extension point that makes it easy for an addon to provide pairing-based no-password management of strong keys, like how Sync does it. The password-based scheme can be as strong as the password you're willing to manage, but we know most users won't use good passwords. A pairing-based scheme gives unconditional security despite user behavior, but doesn't offer password-based recovery or new-machine setup. We should enable addons to experiment with different approaches here. Specifically I'm thinking that an addon should be able to supply the "C" value in lieu of the password-based KDF. -warner 27-Sep-2012 | |||