Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Safer account recovery mechanism that does not force users to trust server #4

taoeffect opened this issue Jan 18, 2017 · 0 comments


Copy link

Picking up from the mailing list convo, as requested, I'm opening up this issue to start a discussion about how users can safely recover their accounts without giving the CONIKS server the ability to take control of their account.

The basic mechanism that's being suggested is simply the idea of giving users say over whom they trust to re-create their identity for them. I copy/paste that idea here:

In DPKI [2], we solved this problem by allowed the user to specify the entities that they trust to restore their identity for them. This can be accomplished simply by letting the user specify the public keys and the n-of-m parameters (of those keys) that is necessary to create broadcast a message that signs a new public key on behalf of the user.

Example: Alice loses her phone. Alice uses the app to generate a new keypair and sends a request to the friends she authorized to sign it.

@taoeffect taoeffect changed the title Account recovery mechanism that does not require forcing users to trust untrustworthy parties Safer account recovery mechanism that does not force users to trust server Jan 18, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

1 participant