> 2) Re: "security/encryption" in Milestone 1. I voiced my objection to the 
> single Milestone 1 security story to you this morning. IMO, it promises too 
> much, e.g., protection against "local people". How about this instead: "As a 
> user, I expect knowledge of my Firefox Account password is required to access 
> my Firefox server data." Alternatively, "As a user, I expect Firefox Sync to 
> securely encrypt all my Firefox server data with my Firefox Account password."

+1 to either of these, fwiw.

> 3) Re: "security/encryption" in Milestone 2. I'll propose any changes to 
> these after we finish discussion of the security story in Milestone 1. My 
> primary objection is that the language is too strong. The strength of the 
> encryption depends on the strength of the user's password, so language like 
> "completely unrecoverable" does not ring true to me. "Completely 
> unrecoverable" implies full-strength encryption, akin to what the current 
> Firefox Sync provides. Language like "encrypted by the user's password" or 
> "protected by a user's password" is a more accurate representation of what 
> we'll be doing.

+1 to this too, with the caveat that I don't know what kind of user is 
represented by our user stories. I don't know if it's worth trying to define 
exactly what kinds of strength we mean ("completely unrecoverable without 
cracking the user's password via an offline dictionary attack"), or if it's 
enough to just use careful wording a la what Chris proposes here. I have a 
vague feeling that what we want is for product to understand the kinds of 
guarantees we can offer here, but maybe vagueness is appropriate?
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
