[Owncloud] Encryption
Sven Radde
sven at fsfe.org
Fri May 25 06:47:48 UTC 2012
Am Mittwoch, den 23.05.2012, 09:39 +0200 schrieb Daniel Danger:
> Can anyone answer that question? I'd really be interested.
>
> On 05/22/2012 09:07 PM, Aggelos Economopoulos wrote:
> > What needs to be clarified here is what the threat model is. What does
> > this encryption scheme try to protect against?
AFAICT, the question is still unanswered.
A cynic might argue that this is an answer in itself, though...
Is anybody interested in working on threat models that Owncloud's
encryption (once it is done properly) can and/or should protect against?
IMHO we cannot get very far if the encryption runs on the server-side
(impossible to protect against a malicious admin in this case).
However, client-side encryption is only possible when all accesses run
through the web browser or dedicated clients (i.e., not with "raw"
WebDAV/CardDAV/CLDAV access - which is one of Ownclouds big selling
points for me).
cu, Sven
More information about the Owncloud
mailing list