right! oh, i hadn't thought of that option. treating the ownCloud instance as a Sync client device rather than as (only) the Sync server. i still think it breaks the security model though.

if you're going to store the data without encryption on an always-on server like ownCloud, then why not just use transport layer encryption? Mozilla Sync goes through the painful restrictions imposed by end-to-end encryption because no trusted server is available. if you start trusting the server, then it's silly to keep encrypting the data at rest.

i mean i don't want to poop the party if people want to implement it. you can certainly do it. i'm just saying that from an architecture perspective it's a bit silly. because the key would be right next to the encrypted data.

On Tue, May 8, 2012 at 1:52 PM, Stephan Schulz <[email protected]> wrote:
> Great to have that discussion over here. I partly disagree with Michiel. If a
> user decides to trust his own cloud on his own server by storing the private
> key on it, it is very similar to trusting another instance of Firefox on a
> different computer by providing the key there. That of course does only apply
> if the user is also the owner of the own cloud, but that might often be the
> case here.
> What would be great is if the user can decide to trust the ownCloud instance or
> not, by providing the user the option of both possibilities.
>
> Stephan
>
>
> ----- Original Message -----
>> On Tue, May 8, 2012 at 7:45 AM, Timmeey <[email protected]> wrote:
>> > I don't think that it is possible to access these firefox sync data
>> > if we use the Firefox sync API. Coz by design everything gets
>> > encrypted by firefox itself.
>>
>> exactly. it's host-proof hosting. ownCloud does not get to see the
>> data. the advantage is that if your ownCloud server gets hacked, your
>> bookmarks and potential other things you may have in there are still
>> safe.
>>
>> >
>> > Maybe there is a way. If we find a way for the users to get the
>> > encryption key out of firefox, then they could give it to owncloud
>> > for "on the fly decryption" of the data.
>> >
>>
>> no, that would totally break the design. the idea of Mozilla Sync is
>> that you store your private stuff on an untrusted server, using
>> host-proof hosting. if you start giving the private key to the data
>> server, then you end up with something that's broken.
>>
>> it is definitely an interesting goal to have your bookmarks and
>> browser settings on your ownCloud, but the way to achieve that would
>> be to allow a "don't encrypt" option in Mozilla Sync. It would also be
>> very interesting to tie that in with the webfinger app and Mozilla
>> Persona.
>>
>> but if you're purely looking at using ownCloud for Mozilla Sync, then
>> IMO you need to respect its end-to-end encryption design.
>> _______________________________________________
>> Owncloud mailing list
>> [email protected]
>> https://mail.kde.org/mailman/listinfo/owncloud
