[Owncloud] Mozilla sync integration project

Michał Jaskurzyński jaskoola at gmail.com
Mon May 21 16:28:52 UTC 2012


Hi,

I started working and I implemented user api part. There is at
https://gitorious.org/~mjaskurzynski/owncloud/mjaskurzynskis-owncloud/commits/firefox-sync-service.
Could you give me feedback (code quality, coding style etc.)?

WBR
Michal Jaskurzynski

2012/5/8 Michiel de Jong <michiel at unhosted.org>:
> right! oh, i hadn't thought of that option. treating the ownCloud
> instance as a Sync client device rather than as (only) the Sync
> server. i still think it breaks the security model though.
>
> if you're going to store the data without encryption on an always-on
> server like ownCloud, then why not just use transport layer
> encryption? Mozilla Sync goes through the painful restrictions imposed
> by end-to-end encryption because no trusted server is available. if
> you start trusting the server, then it's silly to keep encrypting the
> data at rest.
>
> i mean i don't want to poop the party if people want to implement it.
> you can certainly do it. i'm just saying that from an architecture
> perspective it's a bit silly. because the key would be right next to
> the encrypted data.
>
> On Tue, May 8, 2012 at 1:52 PM, Stephan Schulz <lists at seron.de> wrote:
>> Great to have that discussion over here. I partly disagree with Michiel. If a user decides to trust his own cloud on his own server by storing the private key on it, it is very similar to trusting another instance of Firefox on a different computer by providing the key there. That of course does only apply if the user is also the owner of the own cloud, but that might often be the case here.
>> What would be great if the user can decide to trust the ownCloud instance or not, by providing the user the option of both possibilities.
>>
>> Stephan
>>
>>
>> ----- Original Message -----
>>> On Tue, May 8, 2012 at 7:45 AM, Timmeey <timmeey at timmeey.de> wrote:
>>> > I don't think that it is possible to access these firefox sync data
>>> > if we use the Firefox sync API. Coz by design everything gets
>>> > encrypted by firefox it Self.
>>>
>>> exactly. it's host-proof hosting. ownCloud does not get to see the
>>> data. the advantage is that if your ownCloud server gets hacked, your
>>> bookmarks and potential other things you may have in there are still
>>> safe.
>>>
>>> >
>>> > Maybe there is a Way. If we find a way for the users to get the
>>> > encryption key Out of firefox, Then they could give it to owncloud
>>> > for "on the fly decryption" of the Data.
>>> >
>>>
>>> no, that would totally break the design. the idea of Mozilla Sync is
>>> that you store your private stuff on an untrusted server, using
>>> host-proof hosting. if you start giving the private key to the data
>>> server, then you end up with something that's broken.
>>>
>>> it is definitely an interesting goal to have your bookmarks and
>>> browser settings on your ownCloud, but the way to achieve that would
>>> be to allow a "don't encrypt" option in Mozilla Sync. It would also
>>> be
>>> very interesting to tie that in with the webfinger app and Mozilla
>>> Persona.
>>>
>>> but if you're purely looking at using ownCloud for Mozilla Sync, then
>>> IMO you need to respect its end-to-end encryption design.
>>> _______________________________________________
>>> Owncloud mailing list
>>> Owncloud at kde.org
>>> https://mail.kde.org/mailman/listinfo/owncloud
>>>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud



More information about the Owncloud mailing list