author Joey Hess <joey@kitenet.net> 2011-04-06 19:12:38 -0400
committer Joey Hess <joey@kitenet.net> 2011-04-06 19:12:38 -0400
commit 000247a37907634e99166d02799aa4dda61471d1 (patch)
tree 7d3424442dd9a99c839076f8ce0c9dc6d5fb45f9 /doc/design
parent a301a38d9969febdea3a4f3d3eb2d98077d3d66f (diff)
parent 711d48f32a205ad2023489f131e9a3b70080e900 (diff)
Merge remote-tracking branch 'branchable/master'
Diffstat (limited to 'doc/design')
-rw-r--r-- doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment | 10
-rw-r--r-- doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment | 12
2 files changed, 22 insertions, 0 deletions
diff --git a/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment b/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment
new file mode 100644
index 000000000..d5461e23c
--- /dev/null
+++ b/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joey.kitenet.net/"
+ nickname="joey"
+ subject="comment 2"
+ date="2011-04-05T18:41:49Z"
+ content="""
+I see no use case for verifying encrypted object files w/o access to the encryption key. And possible use cases for not allowing anyone to verify your data.
+
+If there are to be multiple encryption keys usable within a single encrypted remote, than they would need to be given some kind of name (a since symmetric key is used, there is no pubkey to provide a name), and the name encoded in the files stored in the remote. While certainly doable I'm not sold that adding a layer of indirection is worthwhile. It only seems it would be worthwhile if setting up a new encrypted remote was expensive to do. Perhaps that could be the case for some type of remote other than S3 buckets.
+"""]]
diff --git a/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment b/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment
new file mode 100644
index 000000000..d3c483fdf
--- /dev/null
+++ b/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawl9sYlePmv1xK-VvjBdN-5doOa_Xw-jH4U"
+ nickname="Richard"
+ subject="comment 3"
+ date="2011-04-05T23:24:17Z"
+ content="""
+Assuming you're storing your encrypted annex with me and I with you, our regular cron jobs to verify all data will catch corruption in each other's annexes.
+
+Checksums of the encrypted objects could be optional, mitigating any potential attack scenarios.
+
+It's not only about the cost of setting up new remotes. It would also be a way to keep data in one annex while making it accessible only in a subset of them. For example, I might need some private letters at work, but I don't want my work machine to be able to access them all.
+"""]]