Re: [w3ctag/design-reviews] Broadening the user base of WebAuthn (Issue #686)

Hi @agl. We are discussing this in our W3CTAG breakout today.

This has generated an interesting discussion, and we have a couple of questions you may be able to help with.

1. **How safe are sync fabric providers?** We talked through a number of scenarios in which this could fail to protect users:

* one where the sync fabric provider has access to the credentials themselves and abuses them,
* one where authorities could serve warrants on sync fabric providers and gain access to all of a user's accounts, and
* one in which an unscrupulous but widely-used site requires that users use their sync fabric to log in — and then they have access to all of that user's accounts.

Have you and the working group considered these types of scenarios? What sort of mitigations might be added to the spec or the ecosystem to protect users from scenarios like these?

2. **Can you say more about device-key extension?** We were intrigued with the protections that come from pairing syncable credentials in a phone or sync fabric to an automatically-generated, device-bound key pair. Would you imagine those keys expiring regularly (monthly or weekly, etc)? And while this clearly mitigates some of the danger to the user (their older credentials would no longer be available, should they be exposed or exfiltrated) — how much damage could still be done if credentials were leaked before they expire? And are there other ways to protect users in this scenario?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/686#issuecomment-1026053809

Message ID: <w3ctag/design-reviews/issues/686/1026053809@github.com>

Received on Monday, 31 January 2022 18:00:21 UTC