author Joey Hess <joey@kitenet.net> 2011-05-01 14:09:07 -0400
committer Joey Hess <joey@kitenet.net> 2011-05-01 14:09:07 -0400
commit 3095e1631180d87cba112c210dfdfeee9b57ef54 (patch)
tree 4a2b29c7f367b70b01eb603dda8c776d3561d375
parent 1f84c7a9642378e26d2b076def52255361591a04 (diff)
mention that the cipher can also be used to crypt access keys
-rw-r--r-- doc/design/encryption.mdwn 9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn
index b30e01cdd..bcd6a11bc 100644
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@@ -85,6 +85,15 @@ really have content. If it's later determined to be safe to not encrypt the
HMAC cipher, the current design allows changing that, even for existing
remotes.
+## other use of the symmetric cipher
+
+The symmetric cipher can be used to encrypt other content than the content
+sent to the remote. In particular, it may make sense to encrypt whatever
+access keys are used by the special remote with the cipher, and store that
+in remotes.log. This way anyone whose gpg key has been given access to
+the cipher can get access to whatever other credentials are needed to
+use the special remote.
+
## risks
A risk of this scheme is that, once the symmetric cipher has been obtained, it
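Review bot: The new paragraph ending "use the special remote." says who gains access to the stored credentials but not what that means for the "## risks" section that follows: once the access keys are encrypted with the cipher and kept in remotes.log, obtaining the cipher exposes those credentials as well as the content sent to the remote. Suggest adding a sentence, here or under "## risks", stating that the special remote's access keys should be changed whenever a gpg key's access to the cipher is withdrawn or the cipher is suspected to be compromised. Minor: the heading reads better as "other uses of the symmetric cipher", and "store that in remotes.log" could say "store the result in remotes.log" so it is clear that only the encrypted form is stored.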