On 24.02.2015 12:10, Gervase Markham wrote: > On 23/02/15 20:20, Frederik Braun wrote: >> The idea is to use a FMD-specific key that is used to encrypt all >> communication between the phone and the user, so that our server is >> nothing more but a stupid relay. > > That would be great... but, as the bug notes, there is a trade-off > between using kA and kB. Using kA makes the system much more > hacker-proof but not subpoena-proof. Using kB makes it both, but if the > user forgets their FxA password, they can no longer wipe their device if > they don't have it. > > Gerv >
Yes, this balance is hard to strike. I know I'd prefer the stronger security guarantee, but most of our users may not :-) _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
