On 23/02/15 20:20, Frederik Braun wrote: > The idea is to use a FMD-specific key that is used to encrypt all > communication between the phone and the user, so that our server is > nothing more but a stupid relay.
That would be great... but, as the bug notes, there is a trade-off between using kA and kB. Using kA makes the system much more hacker-proof but not subpoena-proof. Using kB makes it both, but if the user forgets their FxA password, they can no longer wipe their device if they don't have it. Gerv _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
