On Aug 12, 2013, at 12:21 PM, Mark Mayo <[email protected]> wrote: > On Mon, Aug 12, 2013 at 12:12 PM, Toby Elliott <[email protected]> wrote: > > Is the idea that the data would sit on the servers unencrypted? How far > reduced are you thinking? > > I believe the idea is that the data would be encrypted (with a generated, > strong key), but an assertion would grant access to the key stored on the key > server. Correct me if I'm wrong, Lloyd.
In that case, the legal issue remains (it's unencrypted to us!), there's a tighter bound on the target issue (though it doesn't go away, just reduces the protection need to the keyserver and makes life harder for the casual hackers), and removes any of the storage benefits. Not sure that tradeoff is better, but that gets heavily into PR questions. Toby _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
