<div dir="ltr">On Wed, Dec 17, 2014 at 11:44 AM, Ryan Kelly <span dir="ltr"><<a href="mailto:rfkelly@mozilla.com" target="_blank">rfkelly@mozilla.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I'd love to avoid public-key crypto here...perhaps there's a way for the content-server to generate a symmetric encryption secret and communicate it directly back to the relier without it transiting our servers?<br>
<br></blockquote><div><br><br></div><div>There's one semi-related use case we need to cover - that I guess is a complement to what you have described:<br><br>The ability to discover an FxA user, and their public key (or whatever public key we can use to send the user encrypted data).<br></div><div>In other words, a browseable user directory a la LDAP, like what SKS provides (or, closer to us, Mozillians).<br><br></div><div>From our <a href="http://daybed.io">daybed.io</a> experiment, I am currently working on a small set of APIs for this user directory and plan to publish a wiki page this week<br></div><div>that describes the flow and the APIs.<br></div><br></div><div class="gmail_quote">I guess the whole user story will be something along those lines, if I follow your proposal.<br><br></div><div class="gmail_quote">"PublicKBR" is the public key corresponding to the private kBr key.<br><br><br></div><div class="gmail_quote">1/ user A wants to send private data to user B using app Foo<br><br></div><div class="gmail_quote">2/ user A looks for user B's relier-specific keys on the User Directory.<br></div><div> a/ there are no keys: app Foo works with user B* to publish PublicKBR</div><div> b/ PublicKBR is found: user A can use it to encrypt data for user B<br><br></div><div class="gmail_quote"><div><br></div><div>*: out of scope for my proposal: the app is responsible for publishing its public keys on behalf of the user.<br><br></div><div>How does that sound?<br><br></div><div>Cheers<br>Tarek<br></div><div><br> <br><br>
</div></div></div></div>