From 3095e1631180d87cba112c210dfdfeee9b57ef54 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Sun, 1 May 2011 14:09:07 -0400
Subject: mention that the cipher can also be used to crypt access keys

---
 doc/design/encryption.mdwn | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn
index b30e01cdd..bcd6a11bc 100644
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@@ -85,6 +85,15 @@ really have content. If it's later determined to be safe to not encrypt the
 HMAC cipher, the current design allows changing that, even for existing
 remotes.
 
+## other use of the symmetric cipher
+
+The symmetric cipher can be used to encrypt other content than the content
+sent to the remote. In particular, it may make sense to encrypt whatever
+access keys are used by the special remote with the cipher, and store that
+in remotes.log. This way anyone whose gpg key has been given access to 
+the cipher can get access to whatever other credentials are needed to
+use the special remote.
+
 ## risks
 
 A risk of this scheme is that, once the symmetric cipher has been obtained, it
-- 
cgit v1.2.3