I'll start of by saying that that is just awesome!
Vänlig hälsning / Yours sincerely,
Daniel Holm
IT Consultant
Web Developer
Student
Tel: +46 76-1650946
[email protected]
http://www.danielholm.se
Den mån 21 maj 2012 18:28:52 skrev Michał Jaskurzyński:
Hi,
I started working and I implemented user api part. There is at
https://gitorious.org/~mjaskurzynski/owncloud/mjaskurzynskis-owncloud/commits/firefox-sync-service.
Could you give me feedback (code quality, coding style etc.)?
WBR
Michal Jaskurzynski
2012/5/8 Michiel de Jong<[email protected]>:
right! oh, i hadn't thought of that option. treating the ownCloud
instance as a Sync client device rather than as (only) the Sync
server. i still think it breaks the security model though.
if you're going to store the data without encryption on an always-on
server like ownCloud, then why not just use transport layer
encryption? Mozilla Sync goes through the painful restrictions imposed
by end-to-end encryption because no trusted server is available. if
you start trusting the server, then it's silly to keep encrypting the
data at rest.
i mean i don't want to poop the party if people want to implement it.
you can certainly do it. i'm just saying that from an architecture
perspective it's a bit silly. because the key would be right next to
the encrypted data.
On Tue, May 8, 2012 at 1:52 PM, Stephan Schulz<[email protected]> wrote:
Great to have that discussion over here. I partly disagree with Michiel. If a
user decides to trust his own cloud on his own server by storing the private
key on it, it is very similar to trusting another instance of Firefox on a
different computer by providing the key there. That of course does only apply
if the user is also the owner of the own cloud, but that might often be the
case here.
What would be great if the user can decide to trust the ownCloud instance or
not, by providing the user the option of both possibilities.
Stephan
----- Original Message -----
On Tue, May 8, 2012 at 7:45 AM, Timmeey<[email protected]> wrote:
I don't think that it is possible to access these firefox sync data
if we use the Firefox sync API. Coz by design everything gets
encrypted by firefox it Self.
exactly. it's host-proof hosting. ownCloud does not get to see the
data. the advantage is that if your ownCloud server gets hacked, your
bookmarks and potential other things you may have in there are still
safe.
Maybe there is a Way. If we find a way for the users to get the
encryption key Out of firefox, Then they could give it to owncloud
for "on the fly decryption" of the Data.
no, that would totally break the design. the idea of Mozilla Sync is
that you store your private stuff on an untrusted server, using
host-proof hosting. if you start giving the private key to the data
server, then you end up with something that's broken.
it is definitely an interesting goal to have your bookmarks and
browser settings on your ownCloud, but the way to achieve that would
be to allow a "don't encrypt" option in Mozilla Sync. It would also
be
very interesting to tie that in with the webfinger app and Mozilla
Persona.
but if you're purely looking at using ownCloud for Mozilla Sync, then
IMO you need to respect its end-to-end encryption design.
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
