Recovery token lifecycle
yngndrw-sage opened this issue · 0 comments
From the text in section 1.3 (https://github.com/facebookincubator/DelegatedRecovery/blob/master/draft-hill-delegated-recovery.raw.txt#L291-L298), it seems that recovery tokens are intended to never expire and do not need to be single use. This is acceptable because it is the counter-signature of the recovery provider which provides the authorisation to perform a recovery, not the token itself. This also implies that after a successful recovery, no additional steps need to be performed in order to re-establish the recovery capability.
From a protocol point of view, this all makes sense and seems secure. From a documentation point of view, however, this behaviour is only mentioned in passing in section 1.3. It might be useful to have a section dedicated to explaining these behaviours and nuances.
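
The lifecycle described in this issue, as an added sketch that is not part of the issue or of the draft: a token with no expiry and no use counter is rejected on its own and accepted, repeatedly, only inside a fresh counter-signature. Assumptions: HMAC with constructed demo keys stands in for the draft's public-key signatures, and the JSON layout, the function names and the 300-second freshness window are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC is a stand-in so the sketch runs on the
# standard library; it is not the draft's signature scheme.
ACCOUNT_KEY = b"account-provider-demo-key"
RECOVERY_KEY = b"recovery-provider-demo-key"
MAX_COUNTERSIG_AGE = 300  # seconds; assumed freshness window


def seal(key, payload):
    """Serialise payload and attach a MAC under key."""
    body = json.dumps(payload, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.hex(), "mac": mac}


def unseal(key, sealed):
    """Return the payload if the MAC verifies under key, else None."""
    body = bytes.fromhex(sealed["body"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed.get("mac", "")):
        return None
    return json.loads(body)


def issue_token(account_id):
    # Account provider: no expiry and no use counter in the token.
    return seal(ACCOUNT_KEY, {"account": account_id})


def countersign(token, now):
    # Recovery provider: wraps the stored token after authenticating the user.
    return seal(RECOVERY_KEY, {"token": token, "issued": now})


def accept_recovery(presented, now):
    # Account provider: authorisation comes from the counter-signature.
    outer = unseal(RECOVERY_KEY, presented)
    if outer is None or "token" not in outer:
        return None  # bare or forged token, no valid counter-signature
    if not 0 <= now - outer["issued"] <= MAX_COUNTERSIG_AGE:
        return None  # counter-signature outside the assumed window
    inner = unseal(ACCOUNT_KEY, outer["token"])
    return inner["account"] if inner else None
```
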