Picking up from the mailing list convo, as requested, I'm opening up this issue to start a discussion about how users can safely recover their accounts without giving the CONIKS server the ability to take control of their account.
The basic mechanism that's being suggested is simply the idea of giving users say over whom they trust to re-create their identity for them. I copy/paste that idea here:
In DPKI [2], we solved this problem by allowed the user to specify the entities that they trust to restore their identity for them. This can be accomplished simply by letting the user specify the public keys and the n-of-m parameters (of those keys) that is necessary to create broadcast a message that signs a new public key on behalf of the user.
Example: Alice loses her phone. Alice uses the app to generate a new keypair and sends a request to the friends she authorized to sign it.
Picking up from the mailing list convo, as requested, I'm opening up this issue to start a discussion about how users can safely recover their accounts without giving the CONIKS server the ability to take control of their account.
The basic mechanism that's being suggested is simply the idea of giving users say over whom they trust to re-create their identity for them. I copy/paste that idea here: