On 2/2/15 10:08, Shane Tomlinson wrote:
My head is spinning, though I'm sure it'll become more clear as I
re-read the threads. One comment from rfk's email [1] from December:
> Chris also suggested that the encryption keys may not need to
transit the server at all, but could instead be communicated from
content-server to relier via a client-side postMessage API. I don't
know much about postMessage but it sounds worth exploring.
This is only possible if an iframe is involved somehow. Either the
relier embeds the content server into its page (e.g., the lightbox
flow[2]), or the relier embeds a hidden content server iframe in its page.
This sounds like the general solution that Chris was saying is more
complex than what we would need to make use of user keys in trusted
Desktop code. Am I reading that correctly?
--
Adam Roach
Principal Platform Engineer
[email protected]
+1 650 903 0800 x863
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
