On Wed, Dec 17, 2014 at 10:32 PM, Ryan Kelly <[email protected]> wrote: > > [..]
> > If I understand your proposal correctly, you want to do something like > this to build up a database of user public keys: > > DO-THE-OAUTH-DANCE-TO-GET-kBr > > userPubKey = DERIVE-PUBKEY(kBr) > > db.write(userid, userPubKey) > > yeah, using something similar to libsodium's scalarmult operation. http://nacl.cr.yp.to/scalarmult.html but that's just a theory for now. > This is fine if you can safely fill in the DERIVE-PUBKEY operation. I > don't know a sufficiently-well-established pattern for doing that, so I was > proposing something like this: > > DO-THE-OAUTH-DANCE-TO-GET-kBr > > (userPubKey, userPrivKey) = RANDOMLY-GENERATE-A-KEYPAIR() > > db.write(userid, userPubKey, ENCRYPT(userPrivKey, kBr)) > > > From my perspective, the key point is that a relier should be able to do > whatever it wants with its kBr and not affect other reliers. > your proposed solution seems fine too I guess - In any case the user directory APIs would look the same I suppose. Will continue to digg, thanks! > > > Cheers, > > Ryan >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
