There's a bug on file, that suggests some security improvements along these lines.
The idea is to use a FMD-specific key that is used to encrypt all communication between the phone and the user, so that our server is nothing more but a stupid relay. This would also provide additional privacy for the geolocation feature: An evil server may no longer snoop, nor control the device. The worst it could do was a per-user denial of service. See https://bugzilla.mozilla.org/show_bug.cgi?id=1040315 On 23.02.2015 20:22, Gervase Markham wrote: > On 23/02/15 17:33, Fabrice Desré wrote: >> The use case of FMD being that you lost your phone, we don't ask >> anything on device... > > Obviously not :-) > >> So if the server side is compromised, yes you can >> wipe the device. > > That doesn't necessarily have to follow. Read Cory's article and see > what he is suggesting as an alternative. > > Gerv > > > _______________________________________________ > dev-b2g mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-b2g > _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
