Closed
Bug 1426307
Opened 7 years ago
Closed 7 years ago
Firefox for iOS should store derived key material rather than the master key `kB`
Categories
(Firefox for iOS :: Firefox Accounts, enhancement, P1)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
fxios | ? | --- |
People
(Reporter: rfkelly, Assigned: eoger, Mentored)
References
Details
Attachments
(1 file)
This is the iOS part of Bug 1426304. Since we will soon start deriving non-sync-related keys from kB, sync clients should avoid storing kB directly, and instead store the minimal set of derived keys necessary to talk to sync:
* 64 bytes for the sync key bundle:
kSync = HKDF(kB, undefined, "identity.mozilla.com/picl/v1/oldsync", 64)
* 16 bytes for the tokenserver's X-Client-State header:
kXCS = SHA256(kB)[:16]
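
The derivation listed above, as an added Python example that is not part of the original bug report or the Firefox for iOS code. It assumes the HKDF is RFC 5869 HKDF with HMAC-SHA256 and that the `undefined` salt means the RFC's default all-zero salt; the function names and the sample `kB` are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional

# HKDF "info" string for the sync key bundle, as given in the bug description.
SYNC_INFO = b"identity.mozilla.com/picl/v1/oldsync"
HASH_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed sample value, not a real key.
SAMPLE_KB = bytes(range(32))


def hkdf_sha256(ikm: bytes, salt: Optional[bytes], info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) using HMAC-SHA256 (assumed hash)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-SHA256")
    # Extract: a missing or empty salt defaults to HashLen zero bytes.
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_sync_material(kb: bytes) -> Dict[str, bytes]:
    """Return only the derived values a sync client persists; kB is not kept."""
    if not kb:
        raise ValueError("kB must not be empty")
    return {
        # 64 bytes for the sync key bundle.
        "kSync": hkdf_sha256(kb, None, SYNC_INFO, 64),
        # 16 bytes for the tokenserver's X-Client-State header.
        "kXCS": hashlib.sha256(kb).digest()[:16],
    }


if __name__ == "__main__":
    stored = derive_sync_material(SAMPLE_KB)
    for name, value in stored.items():
        print(name, len(value), value.hex())
```

Because HKDF and SHA-256 are one-way, a store holding only `kSync` and `kXCS` does not let its reader compute keys that are derived from `kB` under a different info string.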
Updated•7 years ago
Mentor: rnewman
Hardware: Other → All
Reporter
Comment 1•7 years ago
In IRC discussion, it came up that this change might cause us issues if we ever want to add the `chrome.storage.sync` API on mobile. Desktop will be storing those keys as a separate derived secret [1] but here on iOS, we'd have to ask the user to sign in again in order to get the new derived secrets.
Are we likely to ever want to add `chrome.storage.sync` on iOS, and if so, should we modify this to store the necessary derived secrets just in case?
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1426306
Assignee
Updated•7 years ago
Assignee: nobody → eoger
Status: NEW → ASSIGNED
Priority: -- → P1
Assignee
Comment 2•7 years ago
Attachment #8941209 -
Flags: review?(nalexander)
Assignee
Updated•7 years ago
Attachment #8941209 -
Flags: review?(nalexander) → review+
Assignee
Comment 3•7 years ago
Merged
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Reporter
Comment 4•7 years ago
After writing this:
> this change might cause us issues if we ever want to add the `chrome.storage.sync` API on mobile
I realized that we don't have any webextension support at all on iOS, so the "if we ever want" part of this seems extremely far away. James, :rnewman mentioned you as a good person to ping about webextensions on iOS, do you have any thoughts on whether we might one day want to add such an API?
Flags: needinfo?(jhugman)
Comment 5•7 years ago
There seems to be very little appetite internally for even a limited subset of the web extensions API.
Iff we did decide to support it, without significantly more developers, it would take a long time to get to us needing chrome.storage.sync.
"if we ever want" is further away than your "extremely far away".
Flags: needinfo?(jhugman)