On 3/02/2015 05:56, Adam Roach wrote:
On 2/1/15 18:21, Ryan Kelly wrote:
Also, a small suggestion for the proposed encryption flow on
https://wiki.mozilla.org/Loop/Architecture/Context, where you say:
"""
The room context information is serialized as a JSON object, and
encrypted using kR
"""
The key kR is likely the only key material your relier will be able to
get. I recommend treating it like a master key and deriving
purpose-specific keys from it via HKDF, rather than using it directly.
I'm not sure what use cases you have in mind here, so it's not clear to
me where in the process you are proposing we create a derived key. I can
think of at least two different options, depending on what you're trying
to enable:
1. The desktop client (encrypter) derives a metadata key before sending
it to the link-clicker (decrypter).
2. The master key is conveyed to the link clicker, so that both
sides may derive a number of application keys in parallel.
I've changed the write-up to reflect the first interpretation.
Yep, this is indeed the interpretation I had in mind.
Cheers,
Ryan
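
The first option discussed in this thread, as an added example that is not part of the original messages and is not Loop's code: kR is treated as a master key, and a purpose-specific key is derived from it with HKDF-SHA256 (RFC 5869). The label namespace, the purpose names and the empty salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: condense the input key material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: expand the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(master: bytes, purpose: str, length: int = 32) -> bytes:
    """Derive one purpose-specific key from the master key."""
    # Hypothetical label namespace; any fixed, unique per-purpose string works.
    info = b"example.invalid/loop/v1/" + purpose.encode("ascii")
    return hkdf_expand(hkdf_extract(b"", master), info, length)


def demo():
    k_r = os.urandom(32)  # constructed stand-in for kR
    # The encrypter derives the room-context key and conveys only that key.
    # The decrypter never holds kR, so it cannot compute sibling keys.
    room_key = derive_key(k_r, "room-context")
    other_key = derive_key(k_r, "some-other-purpose")
    return k_r, room_key, other_key


if __name__ == "__main__":
    k_r, room_key, other_key = demo()
    print("room-context key:", room_key.hex())
    print("independent of sibling key:", room_key != other_key)
```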