On 2/1/15 18:21, Ryan Kelly wrote:
Also, a small suggestion for the proposed encryption flow on https://wiki.mozilla.org/Loop/Architecture/Context, where you say:

  """
  The room context information is serialized as a JSON object, and
  encrypted using kR
  """

The key kR is likely the only key material your relier will be able to get. I recommend treating it like a master key and deriving purpose-specific keys from it via HKDF, rather than using it directly.

I'm not sure what use cases you have in mind here, so it's not clear to me where in the process you are proposing we create a derived key. I can think of at least two different options, depending on what you're trying to enable:

1. The desktop client (encrypter) derives a metadata key before sending
   it to the link-clicker (decrypter).
2. The master key is conveyed to the link clicker, so that both
   sides may derive a number of application keys in parallel.


I've changed the write-up to reflect the first interpretation. If this isn't what you meant, please clarify what you're trying to accomplish so that I can adjust accordingly.

Thanks!

--
Adam Roach
Principal Platform Engineer
[email protected]
+1 650 903 0800 x863
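
Added example, not part of the original message or of the Loop code: HKDF (RFC 5869) built from HMAC-SHA256 in Node.js, with the two options from the message above side by side. The purpose labels, the sample key and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');
const HASH = 'sha256';
const HASH_LEN = 32;

// HKDF-Extract: concentrate the input key material into a pseudorandom key.
function hkdfExtract(salt, ikm) {
  const s = salt && salt.length ? salt : Buffer.alloc(HASH_LEN); // RFC 5869 default salt
  return nodeCrypto.createHmac(HASH, s).update(ikm).digest();
}

// HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated.
function hkdfExpand(prk, info, length) {
  if (length > 255 * HASH_LEN) throw new RangeError('HKDF output too long');
  const blocks = [];
  let prev = Buffer.alloc(0);
  for (let i = 1; blocks.length * HASH_LEN < length; i++) {
    prev = nodeCrypto.createHmac(HASH, prk)
      .update(prev).update(info).update(Buffer.from([i])).digest();
    blocks.push(prev);
  }
  return Buffer.concat(blocks).subarray(0, length);
}

function hkdf(ikm, salt, info, length) {
  return hkdfExpand(hkdfExtract(salt, ikm), Buffer.from(info), length);
}

// Hypothetical purpose labels; the page defines none.
const LABELS = new Map([
  ['context', 'example/room-context/v1'],
  ['chat', 'example/text-chat/v1'],
]);

function deriveKey(kR, purpose) {
  if (!LABELS.has(purpose)) throw new Error('unknown purpose: ' + purpose);
  return hkdf(kR, null, LABELS.get(purpose), 32);
}

// Option 1: the encrypter derives the metadata key and shares only that key.
function option1Share(kR) {
  return { contextKey: deriveKey(kR, 'context') };
}

// Option 2: kR itself is conveyed, so each side derives every application key.
function option2Derive(kR) {
  return { contextKey: deriveKey(kR, 'context'), chatKey: deriveKey(kR, 'chat') };
}

const sampleKR = Buffer.alloc(32, 0x42); // constructed sample, not a real key
```

Under option 1 the recipient holds a single-purpose key and cannot compute any other key derived from kR; under option 2 the recipient holds kR and can derive all of them.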