Uploading files to the cloud and Security

Gervase Markham gerv at mozilla.org
Fri Nov 25 17:50:56 UTC 2011


On 25/11/11 17:44, Jb Piacentino wrote:
> We ought to provide a universal experience there... Limiting decryption
> to Mozilla applications seems a little too restrictive to me.

This is a way off :-) but we might be able to do something with 
crypto-in-JS. So you access:

http://bigfiles.mozilla.org/45dcad3a12#key=adbfc3456cfa

and it loads a web page which downloads the file using XMLHTTPRequest 
and decrypts it client-side using the key before presenting a file 
download dialog using a data: url or somesuch. Given that the files will 
be big this might not be memory-performant, of course...

People can read the source to check that the server isn't snarfing their 
key.

Gerv




More information about the tb-planning mailing list