On Tue, Dec 23, 2014 at 12:05 AM, Tarek Ziade <[email protected]> wrote:

>
> On Tue, Dec 23, 2014 at 1:07 AM, Christopher Karlof <[email protected]>
> wrote:
>
>> Explicit revocation is different from “revocation as a surprising side
>> effect of doing something else that’s not obviously going to trigger
>> revocation”.
>>
>> Ryan’s point is that password reset could easily fall into the latter
>> type if we’re not careful.
>>
>
> I don't see how this is avoidable though, without storing the old keys on
> the server, which seems like a bad idea.
>

An alternative is to encrypt stuff with kA, which is a recoverable key
managed by the auth server. It’s not *necessarily* a bad idea — it’s just a
system with different properties.



> Did you have a solution in mind?
>

Use kA by default and explore an advanced option for users to opt in to
using kB. Ideally, if users opt in to kB style sharing, then “document
owner” would get a notification when someone loses access so she can
re-share it. It really complicates the UX though. If the document owner
resets her password, god knows what happens.

-chris



> Cheers
> Tarek
>
>
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
