On Oct 10, 2013, at 2:03 AM, Chris Karlof <[email protected]> wrote:
> > On Oct 9, 2013, at 3:49 PM, Rubén Martín <[email protected]> wrote: > >> El 09/10/13 23:36, Chris Karlof escribió: >>> >>> There are several motivations for this, but one is that we are designing >>> services that store encrypted user data by default. The default option is >>> that the encryption key will be derived from the user's password. If a user >>> doesn't have a password with us, managing the encryption key is trickier. >>> We have something called "pairing" in current Firefox Sync, but it has >>> several UI issues with its current implementation, and it's not clear how >>> to fix them. Another option is for us to store the encryption key, which >>> has privacy concerns. >>> >>> This is a tricky problem with lots of tradeoffs, and we're continuing to >>> work towards a solution that's best for our users. >> I get the tricky point of needing something to encrypt data, at the end a >> password/passphrase has to be provided to do the process. >> >> Persona can still be used to verify the email provided and then ask for a >> passphrase to encrypt data, so work flow could be something like: >> Click on Log in to Firefox Accounts. >> Persona dialog → Verification → OK. >> Enter the passprashe to encrypt your data. >> Success. >> >> > Your suggestion is reasonable and is something we've discussed. > > What is the second login experience? In particular, would you require the > Persona dialog/Verification step? If so, why? You already set up a password > to encrypt your data, so why not use use the password to authenticate as > well? Requiring password + Persona every time is a worse experience, IMO, and > adds little value for subsequent logins. > > You might argue that you could use Persona only (skip the password) to > authenticate to FxA for when encryption isn't needed. This is a valid point. > But we have a password for the user. So why not just use that? It's more > consistent. > In summary, > Account creation: Verify email via Persona, choose password. > Account login: Enter password. I agree with this as a starting point, but as the value that Firefox Accounts grows far beyond just sync, we need to be architecturally prepared to allow login via email verification to fxa. Luckily, how you authenticate, and how you derive keys - the most visible decisions we will make - seem to be the least complicated to change. I suggest we keep a strongly validated email in the firefox accounts database, and we plan to support multiple authentication methods (which is a noop really, it's just a mindset). fair? lloyd > -chris > > > >> >> -- >> Rubén Martín [Nukeador] >> Mozilla Reps Mentor >> http://www.mozilla-hispano.org >> http://twitter.com/mozilla_hispano >> http://facebook.com/mozillahispano >> _______________________________________________ >> Sync-dev mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/sync-dev > > _______________________________________________ > Sync-dev mailing list > [email protected] > https://mail.mozilla.org/listinfo/sync-dev
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
