Services/Sync/KeyRecovery: Difference between revisions

Services/Sync/KeyRecovery (view source)

87 bytes added , 22 September 2011

Confirmed users

358

edits

Revision as of 04:45, 22 September 2011 (view source) Rfkelly (talk \| contribs) No edit summary ← Older edit		Revision as of 04:47, 22 September 2011 (view source) Rfkelly (talk \| contribs) (→‎Wider Implications) Newer edit →
Line 162:		Line 162:
	Ideally, we would move to a system that can provide authentication without the server learning the user's password. HTTP-Digest-Auth at a minimum. Something like the Secure Remote Password Protocol would be even better, but there's no current standard for integrating this into the HTTP-Auth workflow.		Ideally, we would move to a system that can provide authentication without the server learning the user's password. HTTP-Digest-Auth at a minimum. Something like the Secure Remote Password Protocol would be even better, but there's no current standard for integrating this into the HTTP-Auth workflow.

	In any case, such a move is largely orthogonal to the development of the key recovery service itself.		In any case, since such a move will have to happen across the whole services infrastructure to be worthwhile, it's largely orthogonal to the development of the key recovery service itself.