Comment 7 for bug 375289

Steve Alexander (stevea) wrote : Re: Data should be encrypted on the server

That's right Elliot.

Eventually, we'll be using encryption in two places.

1. The Ubuntu One servers will encrypt each user's data with a key unique to that user, before storing it in Amazon's S3 service or any other scalable storage services we use. The point of this is that if there's a break-in to S3, there is no exposure of private data; and if one of the Ubuntu One storage API servers is compromised, there is a small exposure of private data, based on the users who were using that particular storage server at the time. It still means we need to keep the database of these encryption keys very very safe. We have facilities and procedures to do that in the Canonical data centre, and this gives us one database that we need to keep secure and monitor very carefully.
We'll be making this change right away.

2. We'll integrate the Ubuntu One file storage that runs on desktops with the ecryptfs facilities in Ubuntu, so a user can choose whether a particular directory should be sent to the Ubuntu One servers in the clear (and be easily used for photo galleries and in a web-based file manager), or that it should be sent encrypted, so the Ubuntu One servers cannot read the contents of the files, but so that other desktop machines that share ecryptfs keys can receive the files and read them. There will be some secure way of sharing keys among computers.
We've talked with people at UDS about this, but it's more complicated, so we won't be working on this for a while.
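The server-side design in point 1 above, sketched as an added example (not code from the comment, from Ubuntu One, or from Canonical): a per-user key database kept apart from the blob store, with every object encrypted under its owner's key before it reaches storage. It assumes AES-256-GCM with a fresh nonce per object and uses in-memory stand-ins for the key database and for S3; the type and function names (`KeyDB`, `BlobStore`, `Put`, `Get`, `PlaintextVisible`) are hypothetical. The point it makes concrete is the threat model in the comment: a copy of the blob store alone yields no private data, a key is only ever used by the storage API server handling that user, and losing the key database is the one failure that exposes everything.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyDB stands in for the per-user key database the comment describes: it
// lives on operator-controlled infrastructure, never in the blob store, and
// is the one component that has to be guarded and monitored closely.
type KeyDB struct {
	keys map[string][]byte // user ID -> 32-byte AES-256 key
}

func NewKeyDB() *KeyDB { return &KeyDB{keys: make(map[string][]byte)} }

// Provision generates a fresh random key for a user, e.g. at account creation.
func (db *KeyDB) Provision(user string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	db.keys[user] = k
	return nil
}

// Lookup returns an AEAD bound to the user's key, or fails; it never creates
// a key on the fly, so an unknown user cannot silently get a throwaway key.
func (db *KeyDB) Lookup(user string) (cipher.AEAD, error) {
	k, ok := db.keys[user]
	if !ok {
		return nil, errors.New("no key for user " + user)
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BlobStore stands in for S3 or any other scalable object store. It only
// ever receives ciphertext, so a break-in here exposes no private data.
type BlobStore struct{ objects map[string][]byte }

func NewBlobStore() *BlobStore { return &BlobStore{objects: make(map[string][]byte)} }

// Put encrypts plaintext under the owner's key (AES-256-GCM, fresh nonce per
// object) and stores nonce||ciphertext. The object name is bound as
// associated data so a ciphertext cannot be silently relabelled.
func Put(db *KeyDB, store *BlobStore, user, path string, plaintext []byte) error {
	aead, err := db.Lookup(user)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	name := user + "/" + path
	store.objects[name] = append(nonce, aead.Seal(nil, nonce, plaintext, []byte(name))...)
	return nil
}

// Get fetches and decrypts an object. A missing key, another user's key, or
// any modification of the stored bytes makes it fail closed.
func Get(db *KeyDB, store *BlobStore, user, path string) ([]byte, error) {
	name := user + "/" + path
	obj, ok := store.objects[name]
	if !ok {
		return nil, errors.New("no such object: " + name)
	}
	aead, err := db.Lookup(user)
	if err != nil {
		return nil, err
	}
	if len(obj) < aead.NonceSize() {
		return nil, errors.New("object too short")
	}
	return aead.Open(nil, obj[:aead.NonceSize()], obj[aead.NonceSize():], []byte(name))
}

// PlaintextVisible reports whether any stored object contains the given bytes
// in the clear: the check an auditor would run against a blob store dump.
func PlaintextVisible(store *BlobStore, plaintext []byte) bool {
	for _, obj := range store.objects {
		if bytes.Contains(obj, plaintext) {
			return true
		}
	}
	return false
}

func main() {
	db, store := NewKeyDB(), NewBlobStore()
	msg := []byte("constructed sample file contents") // constructed, not real user data
	if err := db.Provision("alice"); err != nil {
		panic(err)
	}
	if err := Put(db, store, "alice", "Photos/holiday.jpg", msg); err != nil {
		panic(err)
	}
	got, err := Get(db, store, "alice", "Photos/holiday.jpg")
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, msg))
	fmt.Println("plaintext visible in blob store:", PlaintextVisible(store, msg))
}
```

Binding the object name into the GCM associated data is what turns "key unique to that user" into an enforceable property: even a storage API server that can read the blob store and holds one user's key cannot decrypt another user's objects, and a blob copied under a different name fails authentication rather than decrypting.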