Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flesh out faq #101

Merged
merged 9 commits into from
May 26, 2023
Merged

flesh out faq #101

merged 9 commits into from
May 26, 2023

Conversation

divarvel
Copy link
Collaborator

@divarvel divarvel commented May 25, 2023
edited
Loading

  • what is biscuit?
  • why is offline attenuation great?
  • the crypto is not broken
  • can i be fired for choosing biscuit?
  • how can i bake delicious biscuits?

@divarvel divarvel changed the title faq: explain benefits of online attenuation flesh out faq May 25, 2023
@divarvel divarvel mentioned this pull request May 25, 2023
Open
juliabenisty
juliabenisty reviewed May 25, 2023
View reviewed changes
content/docs/help/faq.md Outdated Show resolved Hide resolved
content/docs/help/faq.md Outdated Show resolved Hide resolved
content/docs/help/faq.md Outdated Show resolved Hide resolved
divarvel and others added 2 commits May 25, 2023 18:20
@divarvel @juliabenisty
Update content/docs/help/faq.md
6734148 
Co-authored-by: juliabenisty <80972586+juliabenisty@users.noreply.github.com>
@divarvel @juliabenisty
Update content/docs/help/faq.md
4b4c2b7 
Co-authored-by: juliabenisty <80972586+juliabenisty@users.noreply.github.com>
Geal
Geal reviewed May 25, 2023
View reviewed changes
content/docs/help/faq.md Outdated Show resolved Hide resolved
content/docs/help/faq.md Outdated Show resolved Hide resolved
content/docs/help/faq.md Show resolved Hide resolved
content/docs/help/faq.md

Neither the biscuit specification nor the various implementations have been formally audited. The specification itself (more specifically the cryptographic scheme) has been informally audited by experienced cryptographers and the current specification raised no alarms.

Of course biscuit is a recent piece of tech, which makes it harder to justify than more standard choices like JWT. That being said, biscuit and the patterns it allows have been instrumental in the success of several projects, so it is worth trying it out.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe mention that biscuit builds on experience earned when using systems like JWT, and try to avoid their pitfalls

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i'll try it out in another PR, i need to think it over a bit first.

@divarvel @Geal
Apply suggestions from code review
b0859b7 
Co-authored-by: Geoffroy Couprie <contact@geoffroycouprie.com>
divarvel
divarvel commented May 26, 2023
View reviewed changes
content/docs/help/faq.md Outdated Show resolved Hide resolved
@divarvel divarvel merged commit 0177715 into main May 26, 2023
@divarvel divarvel deleted the flesh-out-faq branch May 26, 2023 06:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Geal Geal Geal left review comments

@juliabenisty juliabenisty juliabenisty left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@divarvel @Geal @juliabenisty