User:Fmarier/FxASyncPairing
User stories / audience
1. As a forgetful user, I want to sync my things without having to pick another password. 2. As an impatient user, I want to connect my phone to my laptop without having to go through email verification or having to type anything on my phone. 3. As a user of many FxA-backed services, I do not use a very strong password for my account and would like to secure my data on Mozilla's servers with something stronger. 4. As a privacy nerd, I only want to store my data on Mozilla's servers if it's encrypted using a full-strength key that never transits through an intermediate service, even if it means jumping through a few hoops.
Out of scope
The following things are currently out of scope:
- removing the need for a password in Firefox Accounts
- allowing unverified emails in FxA
- escrow of full strenght keys to protect against device loss and improper backup practices
- moving Content Server payloads to the client or validating these payloads
Pairing mechanisms
Here are the 4 key exchange mechanisms that have been considered to copy the full strenght key from the device that generated it to another:
- J-PAKE: This is he pairing mechanism that was used in Sync 1.1. Pairing is initiated on the first device which displays an ephemeral code. That code must be entered on the second device. No need to type in an email address, all that's needed on the second device is the code.
- Barcode: A way to exchange data from a device to a mobile phone equipped with a camera. There is no need to type anything since the barcode (most likely a 3D barcode or QR code) includes everything needed.
- Manual key entry: Users can view or download the key on one device and either type it back onto the second device or import it from a file.
- 0-bit pairing: Once a user has logged into their Firefox account on both devices, the existing secure channel is used to automatically push the full-strenght key to the other device.
Here's a comparison of these mechanisms:
TODO: add table