Uploading files to the cloud and Security

Gervase Markham gerv at mozilla.org
Fri Nov 25 16:42:33 UTC 2011


On 24/11/11 20:30, Kai Engert wrote:
> Here is a proposal how it might work. On sending:
> - TB automatically creates a random symmetric key
> - TB encrypts the file using the key
> - TB uploads encrypted file
> - TB sends email that contains both an URL and the key required for
> decryption
>
> This would retain the current point-to-point semantic of email, and the
> current level of security.

I think this is a great improvement. However, the problem with such a 
service is the combination of legacy clients (which don't auto-download 
the file and "re-attach" it to the mail) and the possible desire of the 
server operator to not store people's large attachments for ever. There 
is therefore a risk of data loss.

You could get around that by never deleting people's data, but that 
would end up being expensive...

Gerv



More information about the tb-planning mailing list