Firefox accounts and Persona

Rubén Martín nukeador at
Wed Oct 9 15:49:10 PDT 2013

El 09/10/13 23:36, Chris Karlof escribió:
> There are several motivations for this, but one is that we are
> designing services that store encrypted user data by default. The
> default option is that the encryption key will be derived from the
> user's password. If a user doesn't have a password with us, managing
> the encryption key is trickier. We have something called "pairing" in
> current Firefox Sync, but it has several UI issues with its current
> implementation, and it's not clear how to fix them. Another option is
> for us to store the encryption key, which has privacy concerns. 
> This is a tricky problem with lots of tradeoffs, and we're continuing
> to work towards a solution that's best for our users. 
I get the tricky point of needing something to encrypt data, at the end
a password/passphrase has to be provided to do the process.

Persona can still be used to verify the email provided and then ask for
a passphrase to encrypt data, so work flow could be something like:

  * Click on Log in to Firefox Accounts.
  * Persona dialog ? Verification ? OK.
  * Enter the passprashe to encrypt your data.
  * Success.


Rubén Martín [Nukeador]
Mozilla Reps Mentor

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Sync-dev mailing list