Account Management Framework (now #435) #276
Conversation
…nside their credentials
Thanks to @progval for the suggestions.
|
@progval I'll look at making sure the error codes are in the given list, but how do those changes look to you? Should clean up the language in those sections a fair bit |
These changes allow REG to be better used on networks that explicitly link accounts to nicknames.
|
Why do you want to prevent the client from setting a fingerprint that is not the one of its current certificate? |
|
Different networks can use whatever fingerprint methods they want for certs. In addition, allowing clients to register with fingerprints other than one that they explicitly control sounds a bit dodgy in terms of spoofing other users. Say that you know the fingerprint of my cert – you register an account with the fingerprint in the certfp's cred field and now I can't register an account linked to my cert because one already exists for it. Because of that and the difficulty of conveying which algorithm is being used. Does certificate fingerprinting use standardised algorithms like SHA1/SHA256 always or are there cases where people can do whatever special stuff they want, say using both SHA1 and SHA256 to better protect against dodgy collisions? Is there a 100% solid way that we know to convey exactly which method is being used to generate the fingerprint, or should we instead also define a numeric that dumps what your certfp is on connection, so that clients can then use that later in the Just using the client's current cert makes the most sense to me, though if there are answers for all these then I'm open to investigating it further. |
|
Existing services already allow "claiming" any fingerprint anyway. But I like the restriction because it can reduce accidents – if you're only allowed to use your current cert, then registering implies you can successfully connect with it and won't end up with an unusable account. |
|
Updating your cert would be handled separately, if appropriate could be through another |
|
But to update the cert, you have to be able to give a fingerprint at some point. Unless you find a way of connecting with the old and the new cert at the same time (IRC in TLS in TLS?), but that may be hard to implement in some/most clients. |
|
I think restricting registration to the certificate you currently have makes sense, for reasons @grawity put above. For updating the cert on an existing account that could definitely make sense, but I think looking at that is the job of another spec (which may also look at updating passphrase/etc for the account as well). |
|
Ok |
extensions/reg-core-3.3.md
Outdated
|
|
||
| A `REG VERIFY` command consists of the following format: | ||
|
|
||
| REG VERIFY <accountname> <auth_code> |
There was a problem hiding this comment.
I think this should include the (optional?) password if we're going to immediately log the user in [L111]. Or indicate that this command is only available while already logged in (how do you log in?) (in which case the sentence below "the irc server should also send an rpl_loggedin ..." would no longer be valid)
There are many users who accidentally paste their authentication code in chat.
|
Seems to be missing a way to drop the existing nickname. What if I misspell my email? |
|
That's handled by a separate spec. This is just about registering your account |
From the client dev perspective, receiving the 920 when verification is still required can cause issues in the UI.
Two possible ways to improve this would be to either send 927 before 920, or to send one or the other but never both. The latter would be cleaner IMO. |
|
920's sent when it's successful, so if they do mailto: then it'd send that after they send the REG VERIFY command, not after REG CREATE. If they REG CREATE with skipping verification, they wouldn't get 927 since it requires no verification code to be sent/etc. |
|
So, this is essentially a complete rewrite of the ACC Command Framework spec with the (lots of) feedback kept in mind. No longer relies on Let us know what you think. |
|
Is there a reason why this is called Even looking at the title |
|
The account-notify spec already defines the |
|
Bit of a better name, if we wanna brandy alternative suggestions about we can though. |
as well to simplify server implementations
|
Oragono now implements the updated spec as of the latest git |
|
Mention from the channel on something this could use: "it has no provision afaict for separated verification measures (think "go to this URL and solve a captcha" or "generate this proof of work")" |
|
This tries to do a lot and I think misses the mark in some ways and would probably be better getting rewritten. Especially this long with no real implementations sorta shows that it's probably better to get a more well-defined look at what specifically we should solve in a single spec (e.g. lump registration as well as authentication changing, maybe ^ and whatever other registration/cred-specific things come up), rather than trying to add on later with patch specs like this one's tried to. I dunno, I'll submit something to -ideas along the lines of a problem statement so we can better nail down what we want out of this and see if there's any actual interest from the not-client side. |
DanielOaks
changed the title
The
ACCcommand framework provides a standardized way for clients to create and manage accounts. In particular, theACC REGISTERandACC VERIFYsubcommands should allow a network to provide a consistent interface to register new accounts, no matter what services software is used on the backend. They also let clients build nice interfaces for account registration. This framework is extensible, letting us provide more commands and interfaces in future.This is the same spec as in #152 but cleaned up and with some bugs fixed. Asked kaniini if I could submit some fixes a while back and he said I should just throw a new PR in.
edit: I think the last thing missing here is the ability to know whether the net uses your nickname as the account name or not. I'll take a look at that and get something worked out there