Changes

Jump to: navigation, search

Identity/AttachedServices/KeyServerProtocol

111 bytes removed, 05:50, 1 August 2013
m
Signing Certificates
For /certificate/sign, it is critical to enable payload verification by setting options.payload=true (on both client and server). Otherwise a man-in-the-middle could submit their own public key, get it signed, and then delete the user's data on the storage servers.
Most The following keyserver APIs require a HAWK-protected request that uses the sessionToken. In addition, most (but not all) some require that the account be in the "verified" state:
* GET /sessionaccount/statusdevices
* POST /session/destroy
* POST /certificate/sign* GET /account/recovery_methods (does not require verification)* POST /account/recovery_methods/send_code* GET /accountrecovery_email/devicesstatus* POST /password/change/authrecovery_email/startresend_code* POST /passwordcertificate/change/auth/finishsign (requires "verified" account)
= Resetting The Account =
Confirm
471
edits

Navigation menu