Skip to content
This repository has been archived by the owner on Oct 29, 2020. It is now read-only.

As a user, I should be warned if my contact's account is compromised and their security keys are reset even if I haven't verified them. #12

Open
dbkr opened this issue Nov 8, 2019 · 0 comments
Open

As a user, I should be warned if my contact's account is compromised and their security keys are reset even if I haven't verified them. #12

dbkr opened this issue Nov 8, 2019 · 0 comments
Labels
cross-signing-sprint not-now

Comments

@dbkr
Copy link
Member

dbkr commented Nov 8, 2019
edited by lampholder
Loading

There are two parts to this:

  1. Being able to see this on all the devices that logged in before the point the user changed their key. The code we now have in the js-sdk can do this.

  2. Being able to see when a user changed their master key even if the device I'm using was logged in after the point they changed it. This will require uploading a signature making a weaker assertion, ie. that we've seen that key for that user at a given point in time (rather than that we have verified the ownership of the key out-of-band).
@lampholder lampholder changed the title As a user, I want to see when someone has changed their master key As a user, I want to see when someone has changed their master key even if I haven't verified them. Nov 21, 2019
@dbkr dbkr changed the title As a user, I want to see when someone has changed their master key even if I haven't verified them. As a user, I should be warned if my contact's account is compromised and their security keys are reset even if I haven't verified them. Nov 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
cross-signing-sprint not-now
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dbkr @lampholder