summaryrefslogtreecommitdiff
path: root/docs/design/soledad.md
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2014-12-01 15:31:10 -0200
committerdrebs <drebs@leap.se>2014-12-01 15:31:10 -0200
commit6406443b9f1b4bb6bc2088a2d0115d053b542107 (patch)
treea5b4b672deb535f1cef94c6e4c4285191f572e58 /docs/design/soledad.md
parente858217d09fb94418eb96f75f610bf7e8a5416a5 (diff)
Add known limitations to Soledad doc.
Diffstat (limited to 'docs/design/soledad.md')
-rw-r--r--docs/design/soledad.md20
1 files changed, 10 insertions, 10 deletions
diff --git a/docs/design/soledad.md b/docs/design/soledad.md
index d876995..7d2db17 100644
--- a/docs/design/soledad.md
+++ b/docs/design/soledad.md
@@ -45,8 +45,12 @@ Goals
**Known limitations**
-* Currently, the server knows when the contents of a document have changed.
-* Currently, there is no facility for sharing documents among multiple users.
+These are currently known limitations:
+
+* The server knows when the contents of a document have changed.
+* There is no facility for sharing documents among multiple users.
+* Soledad is not able to prevent server from withholding new documents or new revisions of a document.
+* Deleted documents are never deleted, just emptied. Useful for security reasons, but could lead to DB bloat.
**Non-goals**
@@ -158,17 +162,13 @@ Before a JSON document is synced with the server, it is transformed into a docum
About these fields:
* `_enc_json`: The original JSON document, encrypted and hex encoded. Calculated as:
-```
- doc_key = hmac(storage_secret[MAC_KEY_LENGTH:], doc_id)
- ciphertext = hex(sym_encrypt(cipher, content, doc_key))
-```
+ * `doc_key = hmac(storage_secret[MAC_KEY_LENGTH:], doc_id)`
+ * `ciphertext = hex(sym_encrypt(cipher, content, doc_key))`
* `_enc_scheme`: Information about the encryption scheme used to encrypt this document (i.e.`pubkey`, `symkey` or `none`).
* `_enc_method`: Information about the block cipher that is used to encrypt this document.
* `_mac`: A MAC to prevent the server from tampering with stored documents. Calculated as:
-```
- mac_key = hmac(storage_secret[:MAC_KEY_LENGTH], doc_id)
- _mac = hmac(doc_id|rev|ciphertext|_enc_scheme|_enc_method|_enc_iv, mac_key)
-```
+ * `mac_key = hmac(storage_secret[:MAC_KEY_LENGTH], doc_id)`
+ * `_mac = hmac(doc_id|rev|ciphertext|_enc_scheme|_enc_method|_enc_iv, mac_key)`
* `_mac_method`: The method used to calculate the mac above (currently hmac).
Other variables: