On 19/12/2014 10:42, Christopher Karlof wrote:
        If users are collaborating on something encrypted, then key(s) used to
        encrypt that thing need to be stable. If users lose a shared resource
        because someone reset their password, that is bad.

        This makes me wary about using kB for any part of this infrastructure,
        although we might find a way.


Chris elaborated on his meaning a little more in the FxA standup last week, and I thought it was worth sharing more broadly.

There are three levels of behavior we could provide in the lost password case:

 1) "You forgot your password, but that's OK, here's all your data back"

This is awesome user experience but implies that we have access to the data on the servers.

 2) "You forgot your password, so you've lost access to that data"

This is not great but potentially an OK trade-off for more privacy, and users at-least-sort-of understand the situation.

 3) "Bob forgot his password, so you've lost access to that data"

This is completely unacceptable :-)


 Cheers,

   Ryan
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
