mention that the cipher can also be used to crypt access keys

author: Joey Hess <joey@kitenet.net> 2011-05-01 14:09:07 -0400
committer: Joey Hess <joey@kitenet.net> 2011-05-01 14:09:07 -0400
commit: 3095e1631180d87cba112c210dfdfeee9b57ef54 (patch)
tree: 4a2b29c7f367b70b01eb603dda8c776d3561d375 /doc
parent: 1f84c7a9642378e26d2b076def52255361591a04 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn
index b30e01cdd..bcd6a11bc 100644
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@@ -85,6 +85,15 @@ really have content. If it's later determined to be safe to not encrypt the
 HMAC cipher, the current design allows changing that, even for existing
 remotes.
 
+## other use of the symmetric cipher
+
+The symmetric cipher can be used to encrypt other content than the content
+sent to the remote. In particular, it may make sense to encrypt whatever
+access keys are used by the special remote with the cipher, and store that
+in remotes.log. This way anyone whose gpg key has been given access to 
+the cipher can get access to whatever other credentials are needed to
+use the special remote.
+
 ## risks
 
 A risk of this scheme is that, once the symmetric cipher has been obtained, it
author	Joey Hess <joey@kitenet.net>	2011-05-01 14:09:07 -0400
committer	Joey Hess <joey@kitenet.net>	2011-05-01 14:09:07 -0400
commit	3095e1631180d87cba112c210dfdfeee9b57ef54 (patch)
tree	4a2b29c7f367b70b01eb603dda8c776d3561d375 /doc
parent	1f84c7a9642378e26d2b076def52255361591a04 (diff)