On Sun, 2016-04-24 at 18:07 +0000, Xen wrote:
Interesting point. A zero-knowledge backup provider should only be allowed to call itself zero-knowledge if its access platform (client) is made or verified (ideally made really) by a third party. Otherwise you have a conflict of interests. You cannot depend on some other party always being able to make the moral high choice. What if law enforcement forces them to change their client without notifying you?
warrant canary
If you have an independent client that is really fully independent and cannot be retracted by any party, meaning it would have to be open source, only then can you say you have a zero-knowledge encryption storage platform.
even if it's independently encrypted by a third party, why would you trust the third party?
In Linux we solve it by encrypting things ourselves I guess :-/.
In the real world we solve it by encrypting it ourselves, with our own private parameters, but using some open encryption software designed by third parties we trust, since we don't have the expertise to implement encryption software ourselves without introducing bugs.
Cheers,
Dave