

New Firefox Sync protocol for Firefox Accounts - JoshTriplett
https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

======
JoshTriplett
I'm submitting this not just for general interest (as a fascinating
cryptographic account system) but because I'd like to hear about any analysis
experts have done on this protocol. Does this protocol really provide the
properties it purports to provide? In particular, does it protect against the
server or attackers with access to the server, as the old Firefox Sync
protocol did?

