Identity/CryptoIdeas/02-Recoverable-Keywrapping

From MozillaWiki
Revision as of 00:44, 11 September 2012 by Warner (half written)

Recoverable Keywrapping

  • Brian Warner, 10-Sep-2012

This extends the ideas in BrowserID Key Wrapping and 01-PBKDF-scrypt, by providing sites with two categories of data protection: "recoverable" and "secure".

For both categories, web content is given a way to encrypt user data for later retrieval by the same user on the same domain. Each (email, domain) tuple gets an independent encryption key. If web content stores only the ciphertext, and does not record the plaintext, then the user's data will remain confidential against all other users and against web content from other domains.

The user's access to this data is managed by an "account", which lives on an Account Server. We expect that this account server will also provide signed Persona certificates for BrowserID-based logins. This server will probably look a lot like the current persona.org server. Each account will have some kind of identifier (a username or master email address), a configured password, a set of "recovery email addresses" for use when the password is forgotten, and other stored data (described below).

The idea is that user agents with knowledge of the account ID and the password can get full control of the account: they get signed certificates, access to all wrapped keys, and can change the password. Users who forget their password but who can still receive email at the recovery address will be able to reset the password and regain control over most of the account (excluding the "secure" wrapped key, described below).

"recoverable" vs "secure" data

This proposal defines two categories of encrypted data:

  • "recoverable" data can be decrypted by anyone who controls the account. Access to recoverable data is retained across the password-reset process.
  • "secure" data can only be decrypted by someone who knows the account password. Access to secure data is destroyed by the password-reset process.

This allows users to decide between availability and confidentiality of their data, so they can put different data into different categories. For example, a Sync-like application could put bookmarks into the "recoverable" category, but saved passwords and credit-card numbers into the "secure" category.
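The sketch below is an added example, not part of the original proposal or of any Mozilla code. It models the two categories under assumed mechanics: each category has a 32-byte master key, the recoverable master is stored in the account record, the secure master is stored only wrapped under a password-derived key, and per-(email, domain) keys are derived with HMAC-SHA256. The `Account` class, its method names, the PBKDF2 stretching, and the XOR-pad-plus-MAC wrap (a stdlib stand-in for a real AEAD key wrap) are all assumptions, and client and server are collapsed into one object for brevity.

```python
import hashlib, hmac, os

def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so ("a", "bc") and ("ab", "c") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def site_key(master: bytes, email: str, domain: str) -> bytes:
    """Independent key for one (email, domain) tuple."""
    return _mac(master, b"site-key", email.encode(), domain.encode())

class Account:  # hypothetical model of the stored account record
    def __init__(self, password: str):
        # Assumption: released to whoever controls the account.
        self.recoverable_master = os.urandom(32)
        self._wrap(password, os.urandom(32))

    @staticmethod
    def _stretch(password: str, salt: bytes) -> bytes:
        # Stand-in for the password stretching discussed in 01-PBKDF-scrypt.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _wrap(self, password: str, secure_master: bytes) -> None:
        self.salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
        kek = self._stretch(password, self.salt)
        pad = _mac(kek, b"pad")
        self.wrapped = bytes(a ^ b for a, b in zip(secure_master, pad))
        self.tag = _mac(kek, b"tag", self.wrapped)

    def _unwrap(self, password: str) -> bytes:
        kek = self._stretch(password, self.salt)
        if not hmac.compare_digest(self.tag, _mac(kek, b"tag", self.wrapped)):
            raise ValueError("wrong password")
        pad = _mac(kek, b"pad")
        return bytes(a ^ b for a, b in zip(self.wrapped, pad))

    def keys(self, password: str, email: str, domain: str):
        """Return (recoverable_key, secure_key) for one (email, domain) tuple."""
        return (site_key(self.recoverable_master, email, domain),
                site_key(self._unwrap(password), email, domain))

    def change_password(self, old: str, new: str) -> None:
        self._wrap(new, self._unwrap(old))  # same secure master, rewrapped

    def reset_password(self, new: str) -> None:
        self._wrap(new, os.urandom(32))     # old secure master cannot be recovered
```

A password change that knows the old password preserves both keys, while a reset keeps only the recoverable key; the secure key that comes back afterwards is new, so ciphertext made under the old one stays unreadable.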

Access Reliance Sets

... still being written