From 08a23997dd5068218e7fd05bfb23cf52dd6299b0 Mon Sep 17 00:00:00 2001
From: "http://joey.kitenet.net/" <joey@web>
Date: Tue, 5 Apr 2011 18:41:49 +0000
Subject: Added a comment

---
 .../comment_2_a610b3d056a059899178859a3a821ea5._comment        | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment

(limited to 'doc/design')

diff --git a/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment b/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment
new file mode 100644
index 000000000..d5461e23c
--- /dev/null
+++ b/doc/design/encryption/comment_2_a610b3d056a059899178859a3a821ea5._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joey.kitenet.net/"
+ nickname="joey"
+ subject="comment 2"
+ date="2011-04-05T18:41:49Z"
+ content="""
+I see no use case for verifying encrypted object files w/o access to the encryption key. And possible use cases for not allowing anyone to verify your data.
+
+If there are to be multiple encryption keys usable within a single encrypted remote, than they would need to be given some kind of name (a since symmetric key is used, there is no pubkey to provide a name), and the name encoded in the files stored in the remote. While certainly doable I'm not sold that adding a layer of indirection is worthwhile. It only seems it would be worthwhile if setting up a new encrypted remote was expensive to do. Perhaps that could be the case for some type of remote other than S3 buckets.
+"""]]
-- 
cgit v1.2.3


From 711d48f32a205ad2023489f131e9a3b70080e900 Mon Sep 17 00:00:00 2001
From: 
 "https://www.google.com/accounts/o8/id?id=AItOawl9sYlePmv1xK-VvjBdN-5doOa_Xw-jH4U"
 <Richard@web>
Date: Tue, 5 Apr 2011 23:24:18 +0000
Subject: Added a comment

---
 .../comment_3_cca186a9536cd3f6e86994631b14231c._comment      | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment

(limited to 'doc/design')

diff --git a/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment b/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment
new file mode 100644
index 000000000..d3c483fdf
--- /dev/null
+++ b/doc/design/encryption/comment_3_cca186a9536cd3f6e86994631b14231c._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawl9sYlePmv1xK-VvjBdN-5doOa_Xw-jH4U"
+ nickname="Richard"
+ subject="comment 3"
+ date="2011-04-05T23:24:17Z"
+ content="""
+Assuming you're storing your encrypted annex with me and I with you, our regular cron jobs to verify all data will catch corruption in each other's annexes.
+
+Checksums of the encrypted objects could be optional, mitigating any potential attack scenarios.
+
+It's not only about the cost of setting up new remotes. It would also be a way to keep data in one annex while making it accessible only in a subset of them. For example, I might need some private letters at work, but I don't want my work machine to be able to access them all.
+"""]]
-- 
cgit v1.2.3