!UFuOkykoOwSDiqXNMt:matrix.org

Aegis Authenticator

396 Members
Discussion surrounding the development of Aegis Authenticator
48 Servers



Sender: Message Time
2 Aug 2024
@alexbakker:matrix.org (alexbakker): * Lantizia: I admit I haven't done a thorough read of your proposal yet but this sounds very similar to https://github.com/beemdevelopment/Aegis/issues/1259. Except your idea also has a "self-unlock" step which I don't quite understand how you imagine that'd work. I think my comment to that issue also applies here. If this is going to be implemented in a separate app, there's not much involvement from Aegis needed. All we'd need is some way to surface the right entry when another app asks for it. 18:18:11
@lantizia:mozilla.org: A separate app wasn't really the core idea, that was more a side note in case there was an issue with people not liking it in the main app or licensing issues. 18:20:12
@lantizia:mozilla.org: I'm not suggesting any Authy (ick!) API be mimicked either 18:21:05
@lantizia:mozilla.org: Nor should Aegis be sending any data 18:21:22
@alexbakker:matrix.org (alexbakker): A separate app would be the only option, because Aegis does not (and will not) request the internet permission. We also can't add dependencies to proprietary libraries 18:22:03
@lantizia:mozilla.org: If proprietary libraries are even needed, that was just one possibility. 18:22:36
@lantizia:mozilla.org: Hopefully not needed at all. 18:23:10
@lantizia:mozilla.org: I'm not sure what you mean about Aegis requesting "internet permission" - that wasn't in my description. 18:23:49
@lantizia:mozilla.org: Anyway tea time :P bbl 18:25:16
@alexbakker:matrix.org (alexbakker): Alright. Let's talk specifics. How would Aegis receive "some kind of incoming external communication (likely over the Internet)" without requesting the internet permission, depending on proprietary Google libraries or a separate app? 18:27:34
@blackbaal:matrix.org (Bald Dev): I think @lantizia:mozilla.org is expecting passkey feature with Totp codes. This is my understanding 😅 22:54:02
3 Aug 2024
@lantizia:mozilla.org:
In reply to @blackbaal:matrix.org
I think @lantizia:mozilla.org is expecting passkey feature with Totp codes. This is my understanding 😅
Never mentioned that either
06:31:05
@lantizia:mozilla.org:
In reply to @alexbakker:matrix.org
Alright. Let's talk specifics. How would Aegis receive "some kind of incoming external communication (likely over the Internet)" without requesting the internet permission, depending on proprietary Google libraries or a separate app?
If I had specifics for this they'd be in the logged issue (and when I wrote it... I didn't know Aegis requesting the "internet permission" was a red line). But in terms of me, just now, trying to find something truly agnostic and not depending on any one server/company or necessarily anything proprietary... I just found this? https://f-droid.org/2022/12/18/unifiedpush.html
06:32:54
@lantizia:mozilla.org: But by logging the issue... I was opening up chance for people to contribute ideas like this. It shouldn't just be a chance for someone to point out all the flaws in an effort to shut down constructive ideas. 06:33:50
@lantizia:mozilla.org: * But by logging the issue... I was opening up the chance for people to contribute ideas like this. It shouldn't just be a chance for someone to point out all the flaws in an effort to shut down constructive ideas. 06:34:05
@alexbakker:matrix.org (alexbakker): Right, so a separate application. I'm not trying my best to dunk on your idea, I'm just pointing out the boundaries of what we're willing to support in Aegis. The reason I linked to that older issue, is because it explains those boundaries + why we're not super interested in a feature like this, but since most of the feature would have to be implemented outside of Aegis anyway, we're happy to take a look at whether this is something we can accommodate once there's a draft of a spec. 07:07:32
@alexbakker:matrix.org (alexbakker): * Right, so a separate application. Look, I'm not trying my best to dunk on your idea, I'm just pointing out the boundaries of what we're willing to support in Aegis. The reason I linked to that older issue, is because it explains those boundaries + why we're not super interested in a feature like this, but since most of the feature would have to be implemented outside of Aegis anyway, we're happy to take a look at whether this is something we can accommodate once there's a draft of a spec. 07:09:16
@lantizia:mozilla.org:
In reply to @alexbakker:matrix.org
Alright. Let's talk specifics. How would Aegis receive "some kind of incoming external communication (likely over the Internet)" without requesting the internet permission, depending on proprietary Google libraries or a separate app?
* If I had specifics for this they'd be in the logged issue (and when I wrote it... I didn't know Aegis requesting the "internet permission" was a red line). But in terms of me, just now, trying to find something truly agnostic and not depending on any one server/company or necessarily anything proprietary... I just found this? https://f-droid.org/2022/12/18/unifiedpush.html
07:45:15
@lantizia:mozilla.org: Well let's say hypothetically the 'separate app' was just the user's own choice in a UnifiedPush compatible 'distributor app' (as explained on their website)... and there is no need for a separate Aegis Authenticator app. The normal Aegis Authenticator app would register with the 'distributor app' (thus the user is explicitly opting in and trusting that source) and the format of any messages received from it (i.e. when you're calling for a 'draft spec') would likely be ludicrously simple since it would just contain an ID number of the entry in the vault. 08:00:00
@lantizia:mozilla.org: So the bigger question is... should something like this exist. Would Aegis devs be happy to then somehow use it to unlock the vault, get the TOTP, generate its own local system notification containing that TOTP, and relock the vault. 08:00:43
@lantizia:mozilla.org: I would say that is the main part of the feature request. The communications and security aspects are prerequisites sure, but are meaningless if the main feature can't be done. 08:01:15
@lantizia:mozilla.org: * Well let's say hypothetically the 'separate app' was just the user's own choice in a UnifiedPush compatible 'distributor app' (as explained on their website)... and there is no need for a separate app made by the Aegis Authenticator team. The normal Aegis Authenticator app would register with the 'distributor app' (thus the user is explicitly opting in and trusting that source) and the format of any messages received from it (i.e. when you're calling for a 'draft spec') would likely be ludicrously simple since it would just contain an ID number of the entry in the vault. 08:04:22
@lantizia:mozilla.org: * So the bigger question is... should something like this exist... Would Aegis devs be happy to then somehow use it to unlock the vault, get the TOTP, generate its own local system notification containing that TOTP, and relock the vault. 08:04:47
@lantizia:mozilla.org: * So the bigger question is... should something like this exist... Would Aegis devs be happy to then take that message with the ID, unlock the vault, get the TOTP that matches the entry that has that ID, generate its own local system notification containing that TOTP, and relock the vault. 08:05:28
@sim_g:matrix.org joined the room. 08:19:45
@lantizia:mozilla.org: * Theoretical (and likely incomplete) feature request incoming... https://github.com/beemdevelopment/Aegis/issues/1445 Note: yeah I did explain it below in this chat originally... but it's been phrased better on GitHub on that link. 08:24:39
@lantizia:mozilla.org: * Thanks Wu Tingfeng I've added an idea to address those concerns in the idea that is now typed on GitHub... so if anyone does have any thoughts (negative or positive!) then it's also been filed here... https://github.com/beemdevelopment/Aegis/issues/1445 08:26:08
@lantizia:mozilla.org: *

Theoretical (and likely incomplete) feature request incoming... https://github.com/beemdevelopment/Aegis/issues/1445

Note: Originally I explained the idea here in the channel... but it's been phrased better on GitHub instead, so see that link instead.

08:27:05
@lantizia:mozilla.org: * Well I didn't rule out a separate app, in fact I talked about the possibility of it being needed on GitHub. I've also (just this past hour) found something that seems to be truly agnostic and not depending on any one server/company, nor necessarily needing anything proprietary (if the user wishes to avoid that)... https://f-droid.org/2022/12/18/unifiedpush.html 08:31:47
@lantizia:mozilla.org: * But by logging the issue... I was opening up the chance for people to contribute ideas like this. 08:32:17



Room Version: 5