Presuming I understand how it works... I think having AWS perform the encryption partially defeats the purpose of encryption. If the goal was to prevent another party from being able to get the data, then transmitting the encryption key to the other party seems like a really bad idea. Sure it is reduced exposure because it theoretically puts a time scope on how long the encryption key is available to the other party, but it leaves two possibilities:
1) Another party records *all* traffic for future reference. They record the unencrypted data in a parallel storage array.
2) Another party records *just* the encryption keys for future reference. They can then unencrypt the data at any time in the future. This is a lot more practical, because the encryption keys will be only a fraction of the blob sizes, and they can access the blob later.

Personally, it sounds like a silly idea to me...

On Sat, Jul 19, 2014 at 11:19 PM, Nikolaus Rath <[email protected]> wrote:
> Hello,
>
> It has been requested
> (https://bitbucket.org/nikratio/s3ql/issue/62/add-support-for-aws-server-side-encryption)
> that I enable AWS server-side encryption in S3QL.
>
> I am ambiguous on the matter. On one side, there does not seem to be any
> technical drawback. On the other side, there does not seem to be any
> (significant) technical advantage either, so I'm still hesitant to
> enable this without a good reason.
>
> If anyone has some thoughts on the question, please chime in.
>
>
> Best,
> -Nikolaus
>
> --
> GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
> Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
>
> »Time flies like an arrow, fruit flies like a Banana.«
>
> --
> You received this message because you are subscribed to the Google Groups
> "s3ql" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

--
Mark Mielke <[email protected]>
