Is there a design/rationale document for encryption? One way to deal with encryption is to only decrypt on client machines. That's (99.9%) obviously incompatible with a web interface, and 99% incompatible with caldav/carddav. But it would prevent someone who has compromised the server from accessing data.
Another approach is to let the web interface decrypt, but to be careful to never store the password. That will not protect against server compromise, but should be able to keep plaintext off the server's disks and backups. This seems useful. So, search indices could also be encrypted, requiring indexing and use to be while the user is logged in. Or it would be reasonable to just not allow search. Of course, it may be that support for encryption where the server handles the key is too much trouble for no real gain, depending on your threat model.
pgpOKZjqCD5rg.pgp
Description: PGP signature
_______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
