Am Mittwoch, den 23.05.2012, 09:39 +0200 schrieb Daniel Danger: > Can anyone answer that question? I'd really be interested. > > On 05/22/2012 09:07 PM, Aggelos Economopoulos wrote: > > What needs to be clarified here is what the threat model is. What does > > this encryption scheme try to protect against?
AFAICT, the question is still unanswered. A cynic might argue that this is an answer in itself, though... Is anybody interested in working on threat models that Owncloud's encryption (once it is done properly) can and/or should protect against? IMHO we cannot get very far if the encryption runs on the server-side (impossible to protect against a malicious admin in this case). However, client-side encryption is only possible when all accesses run through the web browser or dedicated clients (i.e., not with "raw" WebDAV/CardDAV/CLDAV access - which is one of Ownclouds big selling points for me). cu, Sven _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
