On 23/08/2016 09:56, Julien Vehent wrote:
> On Mon 22.Aug'16 at 14:43:42 -0700, Richard Newman wrote:
>> Another option is to build a key escrow service, similar to the one Apple
>> hosts for FileVault encryption keys.
>>
>> A key escrow service would instead wrap a copy of kB with additional crypto
>> — print-and-save keys, a long series of questions:
>>
>>
>> This makes the process explicit, and doesn't touch core crypto; this is an
>> addition with a hook into recovery.
> 
> This might make sense from a product perspective, but it does increase
> the security burden on the sync/fxa infrastructure. We're not immune to
> breaches, or court orders, and the current crypto model has helped us build
> flexible infrastructure without being too worried about the impact of a breach.
> 
> Maybe we could build an escrow service that's still in control of the user,
> for example by splitting the recovery key using Shamir's secret sharing and
> assigning each part to a recovery step, with a threshold of 3 to reconstruct
> the recovery key.

A related idea that someone once described to me was a "password reset
buddy".  The user can nominate a friend who will vouch for them in order
to get their data back.  From the user's point of view it would look like:

* The user does a password reset, clicking through a confirmation email
  in the same way they do currently.

* We send an email to their nominated password buddy saying "hey, your
  friend forgot their password, click here to help them get their data
  back".

* The friend clicks through that email, logs in to their Firefox
  Account, and the original user's data magically becomes available
  again.

Under the hood there would be a bunch of Shamir's secret sharing and key
wrapping palaver to actually make things go.

Of course there are two problems with this sort of approach:

1) The user has to opt in to it ahead of time, which they may not
   have any particular incentive to do at that time.

2) That's a whole bunch of complex technical stuff to add under
   the hood!

But it's a neat idea :-)



  Cheers,

    Ryan
_______________________________________________
Sync-dev mailing list
Sync-dev@mozilla.org
https://mail.mozilla.org/listinfo/sync-dev
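The threshold scheme Julien sketches (split the recovery key with Shamir's secret sharing, hand one share to each recovery step, require 3 to reconstruct) and Ryan's "password reset buddy" both reduce to the same primitive, so here is one added worked example covering both. It is illustrative code written for this thread, not anything from the Sync/FxA code base. The step names (`email_confirmation`, `reset_buddy`, `printed_recovery_code`, `security_questions`), the 3-of-4 threshold and the 32-byte recovery key are all assumptions made up for the example; the field is the Mersenne prime 2^521 - 1 so a 32-byte key fits in one field element.

```python
import secrets

# Mersenne prime 2^521 - 1: a prime field large enough to hold a 32-byte
# recovery key as a single element.
PRIME = 2**521 - 1

# Hypothetical recovery steps, constructed for this example. Each step
# releases exactly one share when the user completes it; the server never
# needs to hold the recovery key itself.
RECOVERY_STEPS = ("email_confirmation", "reset_buddy",
                  "printed_recovery_code", "security_questions")
THRESHOLD = 3  # assumed: any 3 completed steps reconstruct the key


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x mod PRIME."""
    acc = 0
    for c in reversed(coeffs):          # Horner's method
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k, rng=secrets.randbelow):
    """Split `secret` (bytes) into n shares; any k of them reconstruct it.

    A random polynomial of degree k-1 has the secret as its constant term;
    share i is the point (i, f(i)). Fewer than k points leave every value of
    f(0) equally likely, which is the whole security argument.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [rng(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, secret_len):
    """Lagrange-interpolate the shares at x = 0 and return f(0) as bytes."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(secret_len, "big")


def escrow_recovery_key(recovery_key, steps=RECOVERY_STEPS,
                        threshold=THRESHOLD, rng=secrets.randbelow):
    """Assign one share of the recovery key to each recovery step."""
    shares = split_secret(recovery_key, len(steps), threshold, rng)
    return dict(zip(steps, shares))


def recover_from_steps(completed, secret_len, threshold=THRESHOLD):
    """Rebuild the recovery key from the shares of the steps the user passed.

    `completed` maps step name -> share. The buddy flow is just the case
    where the "reset_buddy" share is released after the friend clicks
    through their own confirmation email.
    """
    if len(completed) < threshold:
        raise ValueError(
            f"only {len(completed)} of {threshold} required steps completed")
    return recover_secret(list(completed.values()), secret_len)


if __name__ == "__main__":
    # Constructed stand-in for the key that would wrap a copy of kB.
    recovery_key = secrets.token_bytes(32)
    escrowed = escrow_recovery_key(recovery_key)
    # User confirms email, buddy vouches, user types the printed code.
    done = {s: escrowed[s] for s in
            ("email_confirmation", "reset_buddy", "printed_recovery_code")}
    assert recover_from_steps(done, 32) == recovery_key
    print("recovered with 3 of 4 steps")
```

The threshold is enforced by the mathematics, not by the `len(completed)` check: two shares of a degree-2 polynomial interpolate to a line whose value at 0 is unrelated to the secret, so a server that had been breached for one share (or compelled to hand one over) learns nothing about the key.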
