[messaging] abusing u2f
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 23 17:31:18 PDT 2016
On Wed 2016-03-23 15:05:47 -0400, elijah wrote:
> Obviously, you lose ability to decrypt if you lost your u2f device.
hmm, i thought most people today were trying to solve the multi-device
use case. Here, it sounds like we'd be back to single-device. If we
allow ourselves to include "user retains a single device" as a
legitimate outcome, then the set of feasible solutions changes pretty
dramatically.
i'm not saying this is a bad thing (i actually think that single-device
stories are often much simpler to reason about and to engineer), but
it's quite a severe shift. (e.g. you don't have to worry about sync,
and the size of your local storage becomes more important)
Or are you envisioning a way that you could abuse u2f in the
multi-device case?
--dkg
More information about the Messaging
mailing list