Item #1 Pending usernames and encrypted passwords in profile
Users are really confused why they have to enter the pwd again after restoring.
- Store the pwd/username with the user profile.
- Users would be able to decrypt the password with the seed
Discussion on the pending topic:
Would enable us to get a user in without the restore flow
Ken has a concern about restoring pwd hashes locally.
Larry points out that this pwd request is similar to how the other crypto apps do it.
Jeff points out that users are confused regardless.
Jude does point out that being able to reissue the email.
Larry points out this might confuse people to the point that they don’t understand the identity ownership.
Muneeb points out that the seed phrase is really the key to understanding identity.
Aaron raises a warning that there are some keys we keep around unencrypted in memory — like the intermediate key…we need to be sure that the final key never ends up in that situation.
Jude and Aaron discuss derivation paths and how that must be safeguarded from decrypted situation.
Ken points out that this also impacts the username which likely also needs to be encrypted.
Larry — “how do pending usernames work during on-boarding, I have no idea”
Ken: Choose username which goes to stack registrar which waits until the user moves forward. Final name requires a finish and some time…there is a pending period after that at about an hour. That’s why restore now currently fails if the restore happens during this pending period.
Jude confirms all stack cores have this. There is some signing required during this phase(?)…If I had your encrypted pwd and it was not signed in any way, can’t I just take that and put it in a different profile?
Aaron: don’t forget the profile is signed.
Mary – a process flow diagram would be good to have here so we have an understanding of where each element is at any point. Hand drawn is good, send it to me and I’ll make it formal.
Jeff: the email request is still part of the flow at login.
Various discussions around whether any app developer is using it. We are not using it the way everyone assumes that we are.
Mary – why not have the app make the contract with the user for the email.
Jeff - we are really dealing with fundamental issues of relationship building for virtual products.
Muneeb – Later we should discuss what’s the mental model for users here. We have to discuss this. There needs to be some explicit way to store this.
Ken - the problem with optional emails if it doesn’t always work.
Jeff - was just wondering if using the same trick to store emails is the same.
Mary - I always saw this as something the user puts in storage and it is something that I grant to them.
Jeff: we decided to implement what we just discussed. Who is going to be implementing what we just discussed?
Item #2 CLI Tool
Larry was looking for Jude to discuss what is the role of the CLI tool. Jude said he was going to discuss this with Mark. What is the product status of this — do you have any updates for people?
Level of support?
It hasn’t come up with the current OKR discussion. I am going to guess not; it isn’t a product.