Closed (overheadhunter closed 1 year ago)
Since we need to confirm the new device using some existing device, the workflow is started on a different device than it is finished on.
The hub acts as an information broker between those clients and we must protect the information from being tampered with (e.g. an evil database admin exchanging the legitimate public key with one of his own). Therefore it is necessary for the new device to display some pairing code that is derived from its public key (e.g. its sha256). The existing device needs to prompt the user to enter this pairing code.
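The pairing-code check described in the comment above, as an added example that is not part of the original thread or the project's code. The function names, the base32 encoding, the 16-character length and the sample key bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: 16 base32 characters (80 bits of the SHA-256 digest). A short
# code lets whoever controls the database grind key pairs until the truncated
# hash collides with the legitimate one, so do not shorten it for convenience.
CODE_CHARS = 16


def pairing_code(public_key: bytes, chars: int = CODE_CHARS) -> str:
    """Code the new device displays: truncated base32 SHA-256 of its own key."""
    digest = hashlib.sha256(public_key).digest()
    code = base64.b32encode(digest).decode("ascii")[:chars]
    return "-".join(code[i:i + 4] for i in range(0, len(code), 4))


def normalize(code: str) -> str:
    """Drop grouping characters and case differences from user input."""
    return "".join(c for c in code.upper() if c.isalnum())


def confirm_device(key_from_hub: bytes, entered_code: str) -> bool:
    """Run on the existing device: recompute the code from the key the hub
    delivered and compare it with what the user read off the new device."""
    expected = normalize(pairing_code(key_from_hub))
    return hmac.compare_digest(expected.encode(), normalize(entered_code).encode())


# Constructed stand-ins for encoded public keys (not real key material).
NEW_DEVICE_KEY = b"constructed-public-key-of-new-device"
SWAPPED_KEY = b"constructed-public-key-of-database-admin"

if __name__ == "__main__":
    shown = pairing_code(NEW_DEVICE_KEY)           # displayed on the new device
    print("pairing code:", shown)
    print("hub honest: ", confirm_device(NEW_DEVICE_KEY, shown.lower()))
    print("key swapped:", confirm_device(SWAPPED_KEY, shown))
```

The existing device must compute the code from the key it actually received from the hub, never from a code value the hub supplies alongside it.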
Instead of using an existing device to confirm the new one (this is still possible to add in the future), we opted for a Setup Code in #207, which is a secret held by the user that can be used to decrypt the user's private key.
Summary
I want to manage my devices without the need of a vault owner to re-grant access.
Motivation
As an unprivileged user I want to add and remove my own devices and instantly have access to vaults that I have been granted access to. I don't want to wait for the vault owner to rerun the "grant access" procedure.