2010/11/23 Ian Clarke <ian at sensearray.com>: > On Tue, Nov 23, 2010 at 9:34 AM, <cvollet at gmail.com> wrote: >> >> Well, right now, we do ask a password if users want to encrypt the >> client-layer or whatever that is we encrypt. So, the idea was to allow >> that on a per-identity basis. If it's not possible/too complicated/not >> useful, then yes, we can just go with the current master password, and >> identities without any password. > > I'm just not sure I see a concrete benefit to encrypting per-identity, and I > see a lot of usability pit-falls. ?We have enough usability problems to > worry about without creating new ones. At first sight, it doesn't seem very useful yes, but perhaps a lot of users use encryption. It would be great if we have some feedback on that. >> >> Also, is it not possible to have a >> system to backup passwords in-freenet? (of course, only if we agree >> identity-based encryption is a plus) > > Well, there would need to be a separate recovery password, and then the > original password simply becomes redundant from a security point of view. That's how it works in all password recovery system on internet. Usually, it's an answer to a question. Granted, there is also the "send to this email" option we can't have in freenet (afaics).
Anyway, for now we can just agree on having only non password protected identities. If someone have a master password, we ask him when launching the node (dunno how it is handled right now). > Ian. > -- > Ian Clarke > CEO, SenseArray > Email: ian at sensearray.com > Ph: +1 512 422 3588 > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://freenetproject.org/cgi-bin/mailman/listinfo/devl >
