Ryan, Chris, I am using PyFxa to prototype the encryption flow here, by directly connecting to FxA :
https://github.com/tarekziade/share/blob/master/share.py#L66 Can you tell me if that's the flow you had in mind ? Thanks On Tue, Dec 23, 2014 at 9:05 AM, Tarek Ziade <[email protected]> wrote: > > On Tue, Dec 23, 2014 at 1:07 AM, Christopher Karlof <[email protected]> > wrote: > >> Explicit revocation is different from “revocation as a surprising side of >> effect of doing something else that’s not obviously going to trigger >> revocation”. >> >> Ryan’s point is that password reset could easily fall into the latter >> type if we’re not careful. >> > > I don't see how this is avoidable though, without storing the old keys on > the server, which seems like a bad idea. > > > Did you have a solution in mind ? > > Cheers > Tarek > >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
