~yujiri/sufec#47: 
make unlinking a device actually possible

As-is, the protocol supports it but makes it impossible, because device IDs are generated by each device, so you don't know the ID of the device you want to revoke. Well, unless you inspect the account file of the device you want to remove.

This could be addressed by having the device link info given in QR codes include a device ID. But then the knowledge would only go one way, ie. the phone wouldn't be able to remove the computer.

ideal solution probably involves:

  • a way to get the list of devices from your homeserver
  • each device having a user-specified name. set when you generate the QR code, passed to the new device in the QR code, and... but hmm, how does the name get onto the server? As-is, the linked device's first login is no different from any other. That might need to change.
Status
REPORTED
Submitter
~yujiri
Assigned to
No-one
Submitted
2 years ago
Updated
2 years ago
Labels
GTK android terminal

~yujiri added protocol 2 years ago

~yujiri 2 years ago

Oh, I just thought of something! Device names should be generated by each client and stored on the server, but encrypted with your long-term key! That way we don't have the privacy loss of the server knowing what devices/clients you have.

~yujiri removed protocol 2 years ago

~yujiri added terminal 2 years ago

~yujiri added android 2 years ago

~yujiri added GTK 2 years ago

~yujiri 2 years ago

This also needs support added on the server.

Register here or Log in to comment, or comment via email.