On 29/12/2014 20:13, Rémy Hubscher wrote:
What I understood is that the public key is sent only on the
/authorization endpoint and kept for use on the /token
The spec returns the keys that were sent to /authorization. If we're
tunneling them through, but we can't rely on them, why tunnel them at all?
I didn't get that. What cannot we rely on and what do you want to tunnel?
In the FxA database they are kA and wrap-kB that we derive to get
encrypted((kAr,kBr), DH(transactionPublicKey, tempPrivateKey)) that we
get back on /token with tempPublicKey.
And transactionPublicKey is sent on /authorization
My question is how do we make sure that the server doesn't store/log
kAr and kBr before encryption?
Which server are you referring to here?
No server should be receiving plaintext kAr and kBr in the proposed
flow. They are encrypted by client-side javascript from the content
server, and received in this encrypted form by the relier, who can
choose where and how to decrypt them.
Ryan
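
The flow discussed in this message, as an added Node.js example that is not part of the original thread or of the FxA code: the relier sends transactionPublicKey on /authorization, client-side JavaScript encrypts (kAr, kBr) under DH(transactionPublicKey, tempPrivateKey), and the relier decrypts what it gets back on /token. The curve (P-256), HKDF-SHA256, AES-256-GCM, the 32-byte key sizes and all function names are assumptions; the thread does not specify them.

```javascript
// Added illustration; curve, KDF, cipher and names are assumptions, not from the thread.
const crypto = require('node:crypto');
const CURVE = 'prime256v1'; // assumed curve

// Derive an AES-256-GCM key from the raw DH shared secret (HKDF-SHA256, assumed).
function deriveKey(sharedSecret) {
  return Buffer.from(crypto.hkdfSync('sha256', sharedSecret, Buffer.alloc(0),
                                     'fxa-oauth-keys-demo', 32));
}

// Relier: create the transaction key pair; only the public half goes to /authorization.
function relierStart() {
  const ecdh = crypto.createECDH(CURVE);
  return { ecdh, transactionPublicKey: ecdh.generateKeys() };
}

// Client-side JavaScript from the content server: encrypt (kAr, kBr) to the relier.
function clientEncrypt(transactionPublicKey, kAr, kBr) {
  const temp = crypto.createECDH(CURVE);
  const tempPublicKey = temp.generateKeys();
  const key = deriveKey(temp.computeSecret(transactionPublicKey));
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(Buffer.concat([kAr, kBr])), cipher.final()]);
  // This bundle is everything a server stores and later returns on /token.
  return { tempPublicKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Relier: decrypt the bundle received on /token with the transaction private key.
function relierDecrypt(ecdh, bundle) {
  const key = deriveKey(ecdh.computeSecret(bundle.tempPublicKey));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
  decipher.setAuthTag(bundle.tag);
  const plain = Buffer.concat([decipher.update(bundle.ciphertext), decipher.final()]);
  return { kAr: plain.subarray(0, 32), kBr: plain.subarray(32, 64) };
}

// Constructed sample: random 32-byte values stand in for kAr and kBr.
function demo() {
  const kAr = crypto.randomBytes(32), kBr = crypto.randomBytes(32);
  const relier = relierStart();
  const bundle = clientEncrypt(relier.transactionPublicKey, kAr, kBr);
  const out = relierDecrypt(relier.ecdh, bundle);
  const serverSeesPlaintext = bundle.ciphertext.includes(kAr) || bundle.ciphertext.includes(kBr);
  return { roundTrip: out.kAr.equals(kAr) && out.kBr.equals(kBr), serverSeesPlaintext };
}

console.log(demo());
```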