!UFuOkykoOwSDiqXNMt:matrix.org

Aegis Authenticator

395 Members
Discussion surrounding the development of Aegis Authenticator
48 Servers

Sender | Message | Time
2 Aug 2024
@lantizia:mozilla.org | Theoretical (and likely incomplete) feature request incoming... :P | 15:24:35
@lantizia:mozilla.org | * Upon receiving this notification Aegis (which may have to continuously run in the background to receive it) self-unlocks the vault, brings itself to the front on top of other apps somehow (maybe as a notification too... just one generated locally)... and shows the related TOTP code on screen. | 15:32:44
@lantizia:mozilla.org | * Upon the device silently (i.e. it's not shown to the user) receiving this notification... Aegis takes the ID number from it (so Aegis may have to continuously run in the background to receive it)... self-unlocks the vault... and locally generates another notification (this one IS seen by the user) with the TOTP code that the user needs. | 15:35:50
@lantizia:mozilla.org | * When the device received this external notification, it shouldn't be shown to the user, but instead Aegis (which may need to run in the background to listen out for them) should silently take the ID number... self-unlock the vault... look up the TOTP for that ID... and locally generate another notification (this one IS seen by the user) that mentions the TOTP code that the user needs. | 15:37:28
@lantizia:mozilla.org | * When the device receives this external notification, it shouldn't be shown to the user, but instead Aegis (which would have to run in the background to listen for these external notifications) should silently take the ID number... self-unlock the vault... look up the TOTP for that ID... and locally generate another notification (this one IS seen by the user) that mentions the TOTP code that the user needs. | 15:38:00
@lantizia:mozilla.org | * Basically an external source of some kind that is trusted enough to tell Aegis what TOTP code it should immediately show as a notification to the user (much like an incoming SMS message). But this external source doesn't have any information except the ID number of the entry, it doesn't have access to the vault at all and wouldn't receive any data back. | 15:38:32
@lantizia:mozilla.org | * Basically an external source of some kind that is trusted enough to tell Aegis what TOTP code it should immediately show as a notification to the user (much like an incoming SMS message). But this external source doesn't have any information except the ID number of the entry in the vault... it doesn't have access to the vault itself... and wouldn't receive any data back. | 15:38:50
@lantizia:mozilla.org | * Well imagine you're using a password manager like KeePassXC on your desktop and (for whatever reason, I'm mixed about some of these reasons being good/bad) you don't want your TOTP codes generated by the same desktop app and/or from the same database. | 15:39:15
@lantizia:mozilla.org | * This way the moment KeePassXC knows you've used an entry of its own (e.g. reading the password in the entry and typing it via auto-hotkey, or sending it via their browser extension)... it can tell Aegis to get ready by having it bring up the right TOTP code automatically. | 15:39:52
@lantizia:mozilla.org | * If we compare this to when you have to log in to something that doesn't support proper TOTP (looking at you Apple) and instead uses an SMS text message. We all know this is absolutely crap and all the reasons why... BUT it does have the advantage that the TOTP is delivered to you, so you merely have to glance at your phone (and optionally unlock to see it). | 15:43:00
@lantizia:mozilla.org | * If we compare this to when you have to log in to something that doesn't support proper TOTP (looking at you Apple) and instead uses an SMS text message. We all know this is absolutely crap and all the reasons why... BUT it does have the advantage that the TOTP is delivered to you, so you merely have to glance at your phone (and optionally unlock to see it). | 15:43:14
@lantizia:mozilla.org | * So this would give that ease of use... without the user needing to unlock their phone, open Aegis, unlock the vault, scroll down the list (might be hundreds at this point, some with similar names), and pick the right one. | 15:44:01
@lantizia:mozilla.org | * But say Aegis Authenticator listened for some kind of incoming external communication (likely over the Internet, perhaps as a Google or Apple push notification sent by a 3rd party source external to your phone) and the user has already told their installation of Aegis to trust this particular kind of communication... and in the notification is an ID number (no other data, so basically anonymized unless you ARE Aegis and know what it relates to) of an entry in the vault. | 15:50:29
@lantizia:mozilla.org | * But say Aegis Authenticator listened for some kind of incoming external communication (likely over the Internet, perhaps as a Google or Apple push notification sent by a 3rd party source external to your phone) and the user has already told their installation of Aegis to trust this particular kind of communication... and in this communication is an ID number (no other data, so basically anonymized unless you ARE Aegis and know what it relates to) of an entry in the vault. | 15:50:42
@lantizia:mozilla.org | * When the device receives this external data, it shouldn't be shown to the user, but instead Aegis (which would have to run in the background to listen for these external notifications) should silently take the ID number... self-unlock the vault... look up the TOTP for that ID... and locally generate another notification (this one IS seen by the user) that mentions the TOTP code that the user needs. | 15:50:46
@lantizia:mozilla.org | * When the device receives this external data, it shouldn't be shown to the user, but instead Aegis (which would have to run in the background to listen for this information) should silently take the ID number... self-unlock the vault... look up the TOTP for that ID... and locally generate another notification (this one IS seen by the user) that mentions the TOTP code that the user needs. | 15:50:55
@lantizia:mozilla.org | * When the device receives this external data, it shouldn't be shown to the user, but instead Aegis (which would have to run in the background to listen for this information) should silently take the ID number... self-unlock the vault... look up the TOTP for that ID... and locally generate a notification to show to the user, that mentions the TOTP code that the user needs. | 15:51:15
@elliotwutingfeng:matrix.org (Wu Tingfeng) | I think any sort of capability of listening for remote commands, even if explicitly opt-in only by the user, would drive users away from Aegis. | 15:51:18
@lantizia:mozilla.org | * But say Aegis Authenticator listened for some kind of incoming external communication (likely over the Internet, perhaps as a Google or Apple push notification sent by a 3rd party source external to your phone) and the user has already told their installation of Aegis to trust this particular kind of communication... and in this communication is an ID number (no other data, so basically anonymized unless you ARE Aegis and know what it relates to) of an entry in the vault. | 15:53:03
@lantizia:mozilla.org | * But say Aegis Authenticator listened for some kind of incoming external communication (likely over the Internet, perhaps as a Google or Apple push notification sent by a 3rd party source external to your phone) and the user has already told their installation of Aegis to trust this particular kind of communication... and in this communication is an ID number (no other data, so basically anonymized unless you ARE Aegis and know what it relates to) of an entry in the vault. | 15:53:15

Room Version: 5