Ryan Kelly wrote:
On 11/08/2013 4:36 PM, Andreas Gal wrote:
once we went
through one flag day and have the data stored in cleartext we can do
arbitrary storage format and wire protocol format changes.
Worst case we have to operate two services against the same data store
(reving the wire format), or the same service against two data stores
that we cross replicate (reving the storage format).
This seems to be implying cleartext storage of the data on our servers,
which is fundamentally at odds with the user stories as written.
The user stories ask for recoverable passwords, which means Mozilla
stores encrypted data plus the actual keys, so we can get to the
cleartext data as needed to do arbitrary storage conversions.
We could do server-side revisions of the wire format, if the underlying
models were similar enough. We discussed doing this to ease the
Sync1.1=>Sync2.0 transition, but decided against it because:
We can't do server-side revisions of the storage format, because encryption.
As above, this no longer applies with optional encryption.
ISTM the minimal thing we can ship as part of the flag day is New Auth
plus Device Capabilities API. So I agree with Nick, Brian et al when
they say:
"""
we need to both rev auth and implement version negotiation
"""
But I haven't seen any concrete proposals for how we'll do this
version-negotiation piece. I'm going to go ahead and sketch out a
strawman in a separate email.
I agree we should have that.
Andreas
Cheers,
Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
