[Owncloud] Encryption

Sven Radde sven at fsfe.org
Fri May 25 06:47:48 UTC 2012


Am Mittwoch, den 23.05.2012, 09:39 +0200 schrieb Daniel Danger: 
> Can anyone answer that question? I'd really be interested.
> 
> On 05/22/2012 09:07 PM, Aggelos Economopoulos wrote:
> > What needs to be clarified here is what the threat model is. What does
> > this encryption scheme try to protect against?

AFAICT, the question is still unanswered.
A cynic might argue that this is an answer in itself, though...

Is anybody interested in working on threat models that Owncloud's
encryption (once it is done properly) can and/or should protect against?
IMHO we cannot get very far if the encryption runs on the server-side
(impossible to protect against a malicious admin in this case).
However, client-side encryption is only possible when all accesses run
through the web browser or dedicated clients (i.e., not with "raw"
WebDAV/CardDAV/CLDAV access - which is one of Ownclouds big selling
points for me).

cu, Sven




More information about the Owncloud mailing list