On 9/01/2014 10:36 AM, Brian Warner wrote:
>
> * when the client submits a signed assertion to the tokenserver's
> "please give me a token" API, it will include the hash of the
> encryption key it is currently using (derived from kB). nalexander:
> I'd recommend this value be a sibling of the key you're already
> deriving from kB, either by using a different ctxInfo string, or by
> extracting an extra 32 bytes from the existing HKDF operation. Neither
> is derivable from the other.
>
> * the Sync tokenserver will maintain a table with three columns:
>   - FxA Account Identifier
>   - FxA generation number
>   - Sync account identifier (endpoint? collection-id? I don't know the
>     right lingo)
>
> * The Sync account identifier must be a consistent function of (FxA
> account-id, hash-of-encryption-key). Previously it was merely a
> consistent function of the FxA account-id.
We met today and decided to go ahead with this proposal. Tokenserver accepts a hash of the sync key, and gives you a new uid/endpoint_url whenever it changes. There are some fiddly garbage-collection details to work out on the server, but this is the safest thing we can do for the clients given our compressed deadline and thinly-stretched resources.

I've opened Bug 959441 to formalize this into the tokenserver protocol spec:

  https://bugzilla.mozilla.org/show_bug.cgi?id=959441

Thanks all!

Ryan

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
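The scheme agreed above, as an added illustration that is not code from the thread or from Mozilla's tokenserver: one HKDF call over kB yields 64 bytes, the first half being the encryption key and the second half the sibling "key hash" sent to the tokenserver, and the Sync uid is a consistent function of (account id, key hash), so a changed key yields a fresh uid. The ctxInfo string, the uid construction, and the rule that an assertion with a lower generation number is refused are assumptions for this example, not values from the thread.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-256: extract with (possibly zero) salt, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Hypothetical context string; the real Sync ctxInfo value is not given in the thread.
SYNC_CTX_INFO = b"example.org/sync/v1/kB-derived"


def derive_from_kB(kB: bytes):
    """Extract 64 bytes at once: bytes 0..31 are the encryption key the client keeps,
    bytes 32..63 are the sibling value it submits. Neither half reveals the other."""
    okm = hkdf_sha256(kB, SYNC_CTX_INFO, 64)
    return okm[:32], okm[32:]


def sync_uid(account_id: str, key_hash: bytes) -> str:
    """Consistent function of (FxA account id, key hash); construction is an assumption."""
    return hashlib.sha256(account_id.encode() + b"\x00" + key_hash).hexdigest()[:32]


class TokenServer:
    """Three-column table: FxA account id -> (generation number, key hash, Sync uid)."""

    def __init__(self):
        self.table = {}

    def get_token(self, account_id: str, generation: int, key_hash: bytes) -> str:
        row = self.table.get(account_id)
        # Assumption: an assertion carrying an older generation than recorded is refused.
        if row is not None and generation < row[0]:
            raise PermissionError("stale generation number")
        if row is None or row[1] != key_hash:
            uid = sync_uid(account_id, key_hash)  # key changed: hand out a new uid
        else:
            uid = row[2]  # same key: same uid, so the client keeps its existing data
        self.table[account_id] = (generation, key_hash, uid)
        return uid
```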

