Discovery using leap-of-faith (no QR code), fixes #3 #6
Conversation
|
I just realized that all laptop browsers support QR codes, thanks to https://webqr.com/. So this flow is only useful for discovering the Box from a Smart TV or other device without a camera. I'll close this rfc unless someone else thinks we shouldn't. |
|
It is not just saving one click during the setup process. It is saving the user to fight getUserMedia UX: http://www.tokbox.com/blog/opentok-js-change/ |
|
Also
This can be mitigated asking the user to compare a code or image physically written in the box with something we show in the FTU flow. |
Yes, that's the click I meant, sorry. It's an especially hard-to-find click. :) Interesting links! |
Yes, not foolproof, but that would definitely help. And it would be necessary anyway, in case >1 Boxes exist in the same building. |
|
Retracting this proposal in favor of #12. |
| @@ -0,0 +1,38 @@ | |||
|
|
|||
| # Discovery using the cloud and leap-of-faith | |||
There was a problem hiding this comment.
Nit: Can you describe quickly what you mean by "Leap of Faith"? Also, can you describe the purpose of this discovery?
This would make the document easier to understand for people like me who have been working on something entirely disconnected.
There was a problem hiding this comment.
Right! Good points. "leap of faith" refers to "trust on first use" - when the client first connects to what it hopes is the box, it has no evidence that this host actually is the box it's looking for, except for the fact that it's the only visible candidate. See e.g. https://www.ietf.org/mail-archive/web/btns/current/msg00789.html. It's also how ssh establishes trust.
The purpose of this discovery is for the client (e.g. the smartphone of the user) to connect to the foxbox. This includes:
- discovering an IP address on which to reach the foxbox
- discovering the TLS server certificate of the foxbox
- possibly exchanging (password) credentials for a session (access) token
No description provided.