I agree with what Mark said. The only thing holding back many users from cloud services is perceived security issues. Client-side encryption is the only way to truly resolve those issues. Server-side encryption adds no value, IMO.
On Sun, Jul 20, 2014 at 12:49 AM, Mark Mielke <[email protected]> wrote: > Presuming I understand how it works... I think having AWS perform the > encryption partially defeats the purpose of encryption. If the goal was to > prevent another party from being able to get the data, then transmitting > the encryption key to the other party seems like a really bad idea. Sure it > is reduced exposure because it theoretically puts a time scope on how long > the encryption key is available to the other party, but it leaves two > possibilities: > > 1) Another party records *all* traffic for future reference. They record > the unencrypted data in a parallel storage array. > 2) Another party records *just* the encryption keys for future reference. > They can then unencrypt the data at any time in the future. This is a lot > more practical, because the encryption keys will be only a fraction of the > blob sizes, and they can access the blob later. > > Personally, it sounds like a silly idea to me... > > > > On Sat, Jul 19, 2014 at 11:19 PM, Nikolaus Rath <[email protected]> wrote: > >> Hello, >> >> It has been requested >> ( >> https://bitbucket.org/nikratio/s3ql/issue/62/add-support-for-aws-server-side-encryption >> ) >> that I enable AWS server-side encryption in S3QL. >> >> I am ambigious on the matter. On one side, there does not seem to be any >> technical drawback. On the other side, there does not seem to be any >> (significant) technical advantage either, so I'm still hesitant to >> enable this without a good reason. >> >> If anyone has some thoughts on the question, please chime in. >> >> >> Best, >> -Nikolaus >> >> -- >> GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F >> Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F >> >> »Time flies like an arrow, fruit flies like a Banana.« >> >> -- >> You received this message because you are subscribed to the Google Groups >> "s3ql" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Mark Mielke <[email protected]> > > -- > You received this message because you are subscribed to the Google Groups > "s3ql" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "s3ql" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
