On Aug 15, 2013, at 10:39 AM, Deb Richardson <[email protected]> wrote:
> Hello!
>
> Rnewman walked through the user stories and split them out into Milestones 1
> & 2 based on recent discussion, and I've gone ahead and reflected that in the
> wiki page here:
>
> https://wiki.mozilla.org/User_Services/Sync/v1#User_stories
>
> Please go through those and ensure that it all works and makes sense based on
> your current understanding. Please raise any questions & issues here.
>

Hi Deb,

Largely looks good.

1) Re: "changing your password". Engineering makes a distinction between "changing your password" (I know the old password and want to change it) and "resetting your password" (I forgot the old one and need to reset it). I see a user story about changing your password, but see none about resetting. FWIW, in the UX testing we did, we tested "reset", but not "change". Also, I have not seen UI mocks for "change". The good news is our FA server supports both password change and reset.

2) Re: "security/encryption" in Milestone 1. I voiced my objection to the single Milestone 1 security story to you this morning. IMO, it promises too much, e.g., protection against "local people". How about this instead:

"As a user, I expect knowledge of my Firefox Account password is required to access my Firefox server data."

Alternatively,

"As a user, I expect Firefox Sync to securely encrypt all my Firefox server data with my Firefox Account password."

Our current plan for this requirement in Milestone 1 is to encrypt all data with the user's Firefox Account password. This means if a user resets her FA password, all her *server* data will be unrecoverable/deleted. This engineering decision is scoped to Milestone 1 for the sake of expediency and will not restrict us from offering more recoverability in future milestones, e.g., the stories in Milestone 2.

3) Re: "security/encryption" in Milestone 2. I'll propose any changes to these after we finish discussion of the security story in Milestone 1. My primary objection is that the language is too strong.
The strength of the encryption depends on the strength of the user's password, so language like "completely unrecoverable" does not ring true to me. "Completely unrecoverable" implies full-strength encryption, akin to what the current Firefox Sync provides. Language like "encrypted by the user's password" or "protected by a user's password" is a more accurate representation of what we'll be doing.

-chris

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev

