Re: [Taler] Technical questions for backup/sync (was: UI considerations for backup & sync)

[Florian Dold]

On 5/25/20 6:04 PM, Torsten Grote wrote:
> I don't know all your requirements for backup/sync and Anastasis, but
> here's a naive idea I wonder would fit those requirements and was
> considered: If each device is already identified by its unique public
> key, why not encrypt each backup blob with a fresh symmetric key which
> itself is encrypted to all device's public keys?

It doesn't really make sense to have multiple "Anastasis services" or
multiple core secrets that we separately back up with Anastasis.

Anastasis already *inherently* has the notion of multiple Anastasis
providers which all have different shares of the core secret.  Managing
multiple secrets in the wallet with multiple different "Anastasis
provider sets" is just a plain nightmare, and we should never implement
this.

There should be one core secret per wallet, but this secret might change
over time when adding/removing more backup providers.  Changing
Anastasis policies (i.e. adding/removing providers) shall be completely
orthogonal to managing sync servers.

(Maybe you're responding without the context of my response to
Christian's email.  The idea of one immutable master secret per wallet
leads to way more complications and problems than it solves.)

- Florian