Cullen, Nice draft! I have been thinking about this problem as well and wonder where the line is for those who want protections from monitoring. What level of protection is needed so that the options we provide make sense and are actually used? Do we need to go further and what is the demand?
In addition to your proposal, I am wondering if we need alternate algorithms when worried about these use cases (e.g. Twofish instead of AES, etc.). Also, having the IdP as a service provider may be a showstopper for those concerned with monitoring, why couldn't that service provider be contacted as well? The point at which encryption is performed is use case dependent. You mention encryption at the client in the strategy slide, which is very important for this use case (not at the host or storage level). I would suggest repeating this in the Encrypted Data Content slide - encryption at the client or 'guest' level. Guest is another term I have been hearing, but I am not sure if it is a common term. Thanks, Kathleen Sent from my iPhone On Oct 20, 2013, at 5:57 PM, "Cullen Jennings" <[email protected]> wrote: > > I've been thinking about how to build cloud collaborations systems where the > data is encrypted and the cloud does not have the keys. Very interested in > hearing others thoughts on how to do this. > > Near the end is a list of things that it would be helpful if the IETF > standardized. > > http://www.ietf.org/id/draft-jennings-perpass-secure-rai-cloud-00.pdf > > Cullen > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
