From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jakub Narebski Subject: Re: encrypted repositories? Date: Mon, 20 Jul 2009 06:48:03 -0700 (PDT) Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "Linus Torvalds" , git@vger.kernel.org To: "Matthias Andree" X-From: git-owner@vger.kernel.org Mon Jul 20 15:48:18 2009 Return-path: Envelope-to: gcvg-git-2@gmane.org Received: from vger.kernel.org ([209.132.176.167]) by lo.gmane.org with esmtp (Exim 4.50) id 1MStDz-0003EV-M9 for gcvg-git-2@gmane.org; Mon, 20 Jul 2009 15:48:16 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753801AbZGTNsI (ORCPT ); Mon, 20 Jul 2009 09:48:08 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753797AbZGTNsH (ORCPT ); Mon, 20 Jul 2009 09:48:07 -0400 Received: from mail-fx0-f218.google.com ([209.85.220.218]:50150 "EHLO mail-fx0-f218.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753726AbZGTNsG (ORCPT ); Mon, 20 Jul 2009 09:48:06 -0400 Received: by fxm18 with SMTP id 18so1975339fxm.37 for ; Mon, 20 Jul 2009 06:48:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:received :x-authentication-warning:to:cc:subject:references:from:date :in-reply-to:message-id:lines:user-agent:mime-version:content-type; bh=KheRG/bp/M5212jFrPzobUdFCS9nVMA0ka0bG7mrirg=; b=f0q/uoUjAHaTUzEopaeSmlvHBu5+eYdjr6Ji4ZDuk8E/CMIGTFC6fMOh/0kgkwGuob 0c9dqHZFlu/TXWlE+Hxn7Cy99M1aAKINcXDjtlX/7ph5raJngGI8hnLumXN+x0Ii/tah /2mBtFMwHfXCVY0HONilyxhH7Y5VIA83Rx9h4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=x-authentication-warning:to:cc:subject:references:from:date :in-reply-to:message-id:lines:user-agent:mime-version:content-type; b=gsM1PwhBaZMr4B82vUtnEuhIO1Oli+09XPQwX0/hHprShy3eaNjPfMTm1S8UdNqe4i RJNceC62GzwEGWv78SbGqBbt4KbVLXdR85QvDpXhv0ctLpC4PA8wnn2EoGaSVOiXTw3c 3mU9tO2aCq/AbxaeKahqYMnwHKFNJycpCkiN0= Received: by 10.86.25.17 with SMTP id 17mr3549051fgy.73.1248097684812; Mon, 20 Jul 2009 06:48:04 -0700 (PDT) Received: from localhost.localdomain (abve48.neoplus.adsl.tpnet.pl [83.8.202.48]) by mx.google.com with ESMTPS id 4sm11207634fgg.2.2009.07.20.06.48.02 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 20 Jul 2009 06:48:03 -0700 (PDT) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by localhost.localdomain (8.13.4/8.13.4) with ESMTP id n6KDm2bK024122; Mon, 20 Jul 2009 15:48:02 +0200 Received: (from jnareb@localhost) by localhost.localdomain (8.13.4/8.13.4/Submit) id n6KDm1pI024119; Mon, 20 Jul 2009 15:48:01 +0200 X-Authentication-Warning: localhost.localdomain: jnareb set sender to jnareb@gmail.com using -f In-Reply-To: User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Archived-At: "Matthias Andree" writes: > On a more general note, is someone looking into improving the http:// > efficiency? Perhaps there are synergies between my plan of (a) > encryption and (b) more efficient "dumb" (http/rsync/...) protocol > use. There was idea about improving http:// efficiency, but it was via crating git-over-HTTP aka. "smart" HTTP server, i.e. you would have to have DAG exposed, like for git:// and ssh:// On the other hand for http:// server need only "dumb" web server, and additional metadata generated by git-update-server-info. It is client who does "walking" the DAG, so all data including server metadata can be encrypted, and decrypted on-the-fly by client. I don't know though what information leakage you would get from existence of loose objects and packfiles, and their sizes. Probably negligible... -- Jakub Narebski Poland ShadeHawk on #git