@laurent These are the key limitations currently.
Expanding on resource encryption, there’s not necessarily a limitation for encrypting resources, but there may be limitations performing clean up of encrypted resources. It looks like plugins can have startup tasks, but would they allow access to delete files, particularly on mobile? Also on the desktop app, because the application data would not be in a secure sandbox like on iOS or Android, you would want to have some kind of onExit task to clean up resources as well, which I don’t think you can do with plugins.
Expanding on revision control, because changes to encrypted text would result in the whole cipher being completely different, the diffs used to create revisions effectively mean each revision contains the whole note contents every time. From the perspective of storage space, this is maybe an acceptable caveat of encrypted notes. However, revisions are evaluated by merging diffs, and so an encrypted note with a long revision history could present a performance issue to evaluate revisions from much larger diffs. Originally I proposed to opt out of revisions completely for encrypted notes, but that’s not ideal to be honest. One potential solution would be for notes marked as encrypted, to have a special case in the revision service to always create a revision with no parent id, so that the revision will always contain the full contents and won’t need to merge with any other revision. For a plugin, there is neither a way to opt out of the revision service nor to mark a note in a special way that it will be treated differently by the revision service.
Additionally for revisions, I realised yesterday that there is an edge case whereby if there are unsynced revisions on one device and you enable encryption on another device, due to the distributed nature of revisions, if you delete the local revisions upon enabling encryption, that won’t stop the unencrypted data being uploaded from a revision on the other device later. I was thinking to deal with this, you could store a new flag on the revisions table which marks whether the note was encrypted at the time, and then have some kind of check when the encrypted flag on a note changes from null / false to true on save (including save triggered by the sync), that all revisions without the encrypted flag would be deleted. But this again would be a core code change and is not something that can be done in a plugin.
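
The two revision-service changes proposed in the post above, sketched as an added example that is not part of the original post and not the application's own code. `RevisionStore`, the `encrypted` flag and all method names are hypothetical, and the store is an in-memory stand-in for the revisions table.

```javascript
// Added illustration: an in-memory model, not the application's revision service.
// RevisionStore, the `encrypted` flag and every method name are hypothetical.
class RevisionStore {
  constructor() {
    this.notes = new Map(); // noteId -> { encrypted }
    this.revisions = [];    // { id, noteId, parentId, body, encrypted }
    this.nextId = 1;
  }

  // Runs on every save, including a save triggered by sync.
  saveNote(noteId, encrypted) {
    const prev = this.notes.get(noteId);
    const wasEncrypted = Boolean(prev && prev.encrypted);
    this.notes.set(noteId, { encrypted: Boolean(encrypted) });
    // Flag went from null/false to true: delete revisions lacking the flag.
    return !wasEncrypted && encrypted ? this.purgeUnflagged(noteId) : 0;
  }

  purgeUnflagged(noteId) {
    const before = this.revisions.length;
    this.revisions = this.revisions.filter(r => r.noteId !== noteId || r.encrypted);
    return before - this.revisions.length;
  }

  addRevision(noteId, body) {
    const note = this.notes.get(noteId);
    const encrypted = Boolean(note && note.encrypted);
    const last = this.revisions.filter(r => r.noteId === noteId).pop();
    // Encrypted notes always get a parentless revision holding the full
    // contents, so reading one never merges a chain of large diffs.
    const parentId = encrypted || !last ? null : last.id;
    const rev = { id: this.nextId++, noteId, parentId, body, encrypted };
    this.revisions.push(rev);
    return rev;
  }
}

// Constructed scenario: this device holds unsynced plaintext revisions when
// sync delivers the note with encryption enabled from another device.
function simulateSecondDevice() {
  const store = new RevisionStore();
  store.saveNote('n1', false);
  const r1 = store.addRevision('n1', 'draft v1');
  const r2 = store.addRevision('n1', 'draft v2');       // parent is r1
  const purged = store.saveNote('n1', true);            // save triggered by sync
  const e1 = store.addRevision('n1', '<ciphertext 1>');
  const e2 = store.addRevision('n1', '<ciphertext 2>');
  return { chained: r2.parentId === r1.id, purged, left: store.revisions, e1, e2 };
}
```

The purge only helps if the save triggered by sync runs on the second device before its pending revisions are uploaded, so the ordering of those two steps in the sync cycle is the part to verify in a real implementation.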