Firefox accounts and Persona

Rubén Martín nukeador at mozilla-hispano.org
Wed Oct 9 15:49:10 PDT 2013


El 09/10/13 23:36, Chris Karlof escribió:
>
> There are several motivations for this, but one is that we are
> designing services that store encrypted user data by default. The
> default option is that the encryption key will be derived from the
> user's password. If a user doesn't have a password with us, managing
> the encryption key is trickier. We have something called "pairing" in
> current Firefox Sync, but it has several UI issues with its current
> implementation, and it's not clear how to fix them. Another option is
> for us to store the encryption key, which has privacy concerns. 
>
> This is a tricky problem with lots of tradeoffs, and we're continuing
> to work towards a solution that's best for our users. 
I get the tricky point of needing something to encrypt data, at the end
a password/passphrase has to be provided to do the process.

Persona can still be used to verify the email provided and then ask for
a passphrase to encrypt data, so work flow could be something like:

  * Click on Log in to Firefox Accounts.
  * Persona dialog ? Verification ? OK.
  * Enter the passprashe to encrypt your data.
  * Success.

Regards.

-- 
Rubén Martín [Nukeador]
Mozilla Reps Mentor
http://www.mozilla-hispano.org
http://twitter.com/mozilla_hispano
http://facebook.com/mozillahispano

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/sync-dev/attachments/20131010/02080247/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://mail.mozilla.org/pipermail/sync-dev/attachments/20131010/02080247/attachment.sig>


More information about the Sync-dev mailing list