author | Joey Hess <joeyh@joeyh.name> | 2016-05-10 14:07:13 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-05-10 14:07:13 -0400 |
commit | 72c53a3c6fc57bdd89bd4675d4c79ae27034f68c (patch) | |
tree | ea355fd6e78d343bf20080023aa5fa645e3665bf | |
parent | ae88c61f2323c02498690cbd847c11d6b2d46c7c (diff) |
update
-rw-r--r-- | doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_4_2ccd5e75f175f09b08cee2290720fdea._comment | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_4_2ccd5e75f175f09b08cee2290720fdea._comment b/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_4_2ccd5e75f175f09b08cee2290720fdea._comment new file mode 100644 index 000000000..558b03796 --- /dev/null +++ b/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_4_2ccd5e75f175f09b08cee2290720fdea._comment @@ -0,0 +1,21 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 4""" + date="2016-05-10T17:59:03Z" + content=""" +Thinking about this some more, I think it makes sense that your friend who +is doing the uploading is doing it from a clone of your repository. + +So, they could have access to the HMAC key, and could use it to encrypt +filenames, rather than using the un-encrypted keys. filenames seems better, +because there's no point in exposing the un-encrypted filenames to S3. + +So, the encryption setup on such a repository would be the un-encrypted +HMAC key, and an indication of what gpg public key to encrypt file contents +to. + +(Of course, you might choose to expose a sanitized form of your real +repository for cloning, that's more or less empty. And could even expose +it to the whole world if you want to let anyone use it for sending files +to you. In this case the un-encrypted HMAC key would be a pretty open secret.) +"""]] |
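Review bot: The last paragraph of the added comment calls the un-encrypted HMAC key "a pretty open secret" once the repository is exposed for cloning, but does not say what that does to the filename protection argued for in the second paragraph ("no point in exposing the un-encrypted filenames to S3"). Anyone holding the HMAC key can recompute the HMAC of a guessed name and compare it with what is stored on the remote, so in the world-cloneable case the names are hidden only from parties who cannot guess them; only the file contents, encrypted to the gpg public key, stay confidential. A sentence stating that trade-off would help. Separately, in the second paragraph "rather than using the un-encrypted keys. filenames seems better," breaks mid-thought and the second sentence starts lower-case; something like "Encrypting filenames seems better, because ..." would read cleanly.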