On Feb 19, 2014, at 1:26 PM, Richard Newman <rnew...@mozilla.com> wrote:
>> We will not fail because TLS-level attackers replay users' requests. We are >> much more likely to fail by not being able to manage self-induced complexity >> and repelling users with frustrating experiences resulting from that >> complexity. > > +eleventy. Indeed. While we're theoretically a little more of a target than current sync (since the password stretching *might* lead to weaker crypto), we're still miles away from being a valuable target. A little flexibility in service of making the users happier is good. Toby _______________________________________________ Sync-dev mailing list Sync-dev@mozilla.org https://mail.mozilla.org/listinfo/sync-dev