On Mon, Jul 20, 2009 at 02:09:28PM +0200, Matthias Andree wrote:
> No, the server can't be allowed access to the keys or decrypted data.
>
> I'm not sure about the graph, and if I should be concerned. Exposing
> the DAG might be in order.
>
> It would be ok if the disk storage and the over-the-wire format
> cannot use delta compression then. It would suffice to just send a
> set of objects efficiently - and perhaps smaller revisions can be
> delta-compressed by the clients when pushing.

The problem is that you need to expose not just the DAG, but also the
hashes of trees and blobs. Because if I know you have master^, and I
want to send you master, then I need to know which objects are
referenced by master that are not referenced by master^.

So now you have security implications, because I can do an offline
guessing attack against your files (i.e., calculate git blob hashes for
likely candidates and see if you have them). Whether that is a problem
really depends on your data.

Not to mention that it makes the protocol a lot more complex, as you
would be encrypting _parts_ of objects, like the filenames of a tree,
and the commit message of a commit object.

I suppose in theory you could obfuscate the sha1's in a way that
preserved the object relationships but revealed no information. That
is, the server would have one "fake" set of sha1's, and the client would
map its real sha1's to the fake ones when talking with the server. But
that is again potentially getting complex.

-Peff
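The two points in the reply above, that a git object id is an unkeyed hash of content (so an exposed id lets anyone test candidate files against it) and that a keyed "fake sha1" mapping could preserve the object graph while revealing nothing, can be shown in a few lines. The following is an added example written for this page, not code from the thread or from git; the HMAC-SHA1 pseudonym scheme, the `obfuscate_dag`, `missing_objects` and `guess_matches` helpers, and the sample graph (commit and tree ids are constructed labels, not real git hashes) are all assumptions made for illustration.

```python
import hashlib
import hmac


def git_blob_id(content: bytes) -> str:
    """Git's object id for a blob: SHA-1 over "blob <size>\\0" + content.
    There is no salt or key, so anyone who has been shown the id can test
    a candidate for the file's content simply by recomputing this."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def obfuscated_id(real_id: str, key: bytes) -> str:
    """Hypothetical client-side pseudonym for an object id: HMAC-SHA1 of the
    real id under a secret the server never sees. Deterministic, so the
    client always presents the same fake id for the same object, but a
    candidate cannot be checked against it without the key."""
    return hmac.new(key, real_id.encode(), hashlib.sha1).hexdigest()


def obfuscate_dag(dag: dict, key: bytes) -> dict:
    """Apply the mapping to every node and edge of an object graph
    (id -> list of referenced ids). Edges are kept, so the server can still
    answer 'what does X reference that Y does not' on fake ids alone."""
    return {
        obfuscated_id(node, key): [obfuscated_id(child, key) for child in children]
        for node, children in dag.items()
    }


def missing_objects(dag: dict, have: str, want: str) -> set:
    """Objects reachable from `want` but not from `have`: the set a server
    must work out to send `want` without resending what the peer has."""

    def reach(start: str) -> set:
        seen, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            stack.extend(dag.get(node, []))
        return seen

    return reach(want) - reach(have)


def guess_matches(exposed_id: str, candidate: bytes) -> bool:
    """The offline check the mail describes: does a guessed file hash to
    the id the server holds? Against a keyed fake id this always fails."""
    return git_blob_id(candidate) == exposed_id


# Constructed sample graph: two commits, each with one tree; the second
# tree adds a blob. Blob ids are real git blob hashes of the sample bytes.
OLD_BLOB = git_blob_id(b"hello\n")
NEW_BLOB = git_blob_id(b"hello world\n")
SAMPLE_DAG = {
    "commit-old": ["tree-old"],
    "tree-old": [OLD_BLOB],
    "commit-new": ["commit-old", "tree-new"],
    "tree-new": [OLD_BLOB, NEW_BLOB],
}

if __name__ == "__main__":
    key = b"client-secret-never-sent-to-server"  # constructed
    print("real ids exposed, guess succeeds:", guess_matches(OLD_BLOB, b"hello\n"))
    print("fake ids exposed, guess fails:",
          guess_matches(obfuscated_id(OLD_BLOB, key), b"hello\n"))
    fake = obfuscate_dag(SAMPLE_DAG, key)
    need = missing_objects(fake, obfuscated_id("commit-old", key),
                           obfuscated_id("commit-new", key))
    print("server still computes the delta set on fake ids:", len(need), "objects")
```

The second half of the demo is the part worth noticing: `missing_objects` gives the same three-object answer on the obfuscated graph as on the real one, which is exactly the property the reply asks for, while the blob guess that succeeds against a real id fails against the keyed one. What the scheme does not hide is graph shape and object count, and, as the mail notes, the client now has to maintain the mapping on every exchange.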