)]}'
{"specs/victoria/encrypted-messages-in-queue.rst":[{"author":{"_account_id":31882,"name":"Wander Way","email":"wanderwayout@gmail.com","username":"wanderway"},"change_message_id":"5358db60aea696305098ddd9e5c13b2e999a28d5","unresolved":false,"context_lines":[{"line_number":39,"context_line":"#. \"_enable_decrypt_messages\u003dtrue/false\" : this will tell Zaqar whether decrypt"},{"line_number":40,"context_line":"   messages before returning them to users."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_db3df2bb","line":42,"range":{"start_line":42,"start_character":3,"end_line":42,"end_character":77},"updated":"2020-06-03 01:41:09.000000000","message":"can you tell more here? what attribute? how does it work?","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":8846,"name":"Hao Wang","display_name":"Hao Wang","email":"sxmatch1986@gmail.com","username":"sxmatch"},"change_message_id":"04368c593569ecb5bb1da87d2cf6e459c63001ee","unresolved":false,"context_lines":[{"line_number":39,"context_line":"#. \"_enable_decrypt_messages\u003dtrue/false\" : this will tell Zaqar whether decrypt"},{"line_number":40,"context_line":"   messages before returning them to users."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. 
Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_1beacad6","line":42,"range":{"start_line":42,"start_character":3,"end_line":42,"end_character":77},"in_reply_to":"ff570b3c_db3df2bb","updated":"2020-06-03 02:17:11.000000000","message":"sure, that means adding a new attribute to the message object like \"is_encrypted\u003dTrue/False\", which will let the Zaqar system know that the content of the message is an encrypted string.","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":31882,"name":"Wander Way","email":"wanderwayout@gmail.com","username":"wanderway"},"change_message_id":"5358db60aea696305098ddd9e5c13b2e999a28d5","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"4. Support to decrypt the encrypted messages according to the metadata of queue."},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_9b7ffa64","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":30},"updated":"2020-06-03 01:41:09.000000000","message":"1. How will the key for encryption and decryption be stored?\n2. Will each queue have its own key? Or is the key used globally?\n3. In the case:   {\n    \"_enable_encrypt_messages\": true,\n    \"_enable_decrypt_messages\": false\n  }\n    I assume users should decrypt the message by themselves, right? Then how do they get the decryption key? 
Or how will they send the encryption key to Zaqar?","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":31882,"name":"Wander Way","email":"wanderwayout@gmail.com","username":"wanderway"},"change_message_id":"d578da987a9baa6710c719085ba6bcc7f4dbff19","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"4. Support to decrypt the encrypted messages according to the metadata of queue."},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_5ea0b0f4","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":30},"in_reply_to":"ff570b3c_3b74ee35","updated":"2020-06-03 03:25:19.000000000","message":"Makes sense.\n\nGetting the decryption key (usually it\u0027s the private key) from an endpoint is dangerous.\nI think there are two cases:\n1. Use Zaqar\u0027s key-pairs. In this case, users should not get the private key. i.e. all action is done by Zaqar.\n2. Use user\u0027s key-pairs. In this case, users should only upload their public key to Zaqar and decrypt the message by themselves. i.e. the private key should not be exposed to others, even to Zaqar.\n\nSo in these two cases, you can find that \"_enable_encrypt_messages\" and \"_enable_decrypt_messages\" are mutually exclusive. In case 1, `_enable_decrypt_messages` should be always `True`, otherwise users cannot decrypt the message. In case 2, `_enable_decrypt_messages` should be always `False`, since Zaqar can\u0027t decrypt the message. 
So \"_enable_decrypt_messages\" is meaningless IMO.\n\nI think only `_enable_encrypt_messages` is enough. If using a global key, Zaqar will decrypt the message. If using users\u0027 key, users will decrypt the message.\n\nWhat do you think?","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":8846,"name":"Hao Wang","display_name":"Hao Wang","email":"sxmatch1986@gmail.com","username":"sxmatch"},"change_message_id":"daf4d54c008bdbc5eaca8f041f054bb2526647ba","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"4. Support to decrypt the encrypted messages according to the metadata of queue."},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_83f6598e","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":30},"in_reply_to":"ff570b3c_5ea0b0f4","updated":"2020-06-04 01:06:52.000000000","message":"Totally agree, two metadata now are pretty confusing to users too.","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":8846,"name":"Hao Wang","display_name":"Hao Wang","email":"sxmatch1986@gmail.com","username":"sxmatch"},"change_message_id":"04368c593569ecb5bb1da87d2cf6e459c63001ee","unresolved":false,"context_lines":[{"line_number":41,"context_line":""},{"line_number":42,"context_line":"2. Add new attribute to message for indicating the encrypted messages or not."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"3. 
Support to use algorithms to encrypt messages in transport layer before"},{"line_number":45,"context_line":"   storing them into backends."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"4. Support to decrypt the encrypted messages according to the metadata of queue."},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_3b74ee35","line":45,"range":{"start_line":44,"start_character":0,"end_line":45,"end_character":30},"in_reply_to":"ff570b3c_9b7ffa64","updated":"2020-06-03 02:17:11.000000000","message":"In V Cycle, I want to just support the global key for encryption and decryption, and it will be held by Zaqar service itself. Go a step further, we can consider the Barbican Project to store and manage the key.\n\nAnd users could have two ways to get the key in my mind. 1. Get the key offline from the admin user directly. 2. Zaqar could give a new endpoint to let user get the key through http/https. (Although I think it could have another security risk.)","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":31882,"name":"Wander Way","email":"wanderwayout@gmail.com","username":"wanderway"},"change_message_id":"5358db60aea696305098ddd9e5c13b2e999a28d5","unresolved":false,"context_lines":[{"line_number":57,"context_line":"API Impact"},{"line_number":58,"context_line":"-----------"},{"line_number":59,"context_line":"Create queue list"},{"line_number":60,"context_line":"POST: /v2/queues/encrypted_queue"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  RESPONSE CODE: 200"},{"line_number":63,"context_line":"  REQUEST BODY:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_5bee0222","line":60,"range":{"start_line":60,"start_character":0,"end_line":60,"end_character":32},"updated":"2020-06-03 01:41:09.000000000","message":"Adding new metadata for queue is enough IMO, no need to add a new 
endpoint","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"},{"author":{"_account_id":8846,"name":"Hao Wang","display_name":"Hao Wang","email":"sxmatch1986@gmail.com","username":"sxmatch"},"change_message_id":"04368c593569ecb5bb1da87d2cf6e459c63001ee","unresolved":false,"context_lines":[{"line_number":57,"context_line":"API Impact"},{"line_number":58,"context_line":"-----------"},{"line_number":59,"context_line":"Create queue list"},{"line_number":60,"context_line":"POST: /v2/queues/encrypted_queue"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  RESPONSE CODE: 200"},{"line_number":63,"context_line":"  REQUEST BODY:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ff570b3c_bbb2be04","line":60,"range":{"start_line":60,"start_character":0,"end_line":60,"end_character":32},"in_reply_to":"ff570b3c_5bee0222","updated":"2020-06-03 02:17:11.000000000","message":"sure. sorry for the misleading here, it\u0027s just the queue\u0027s name.","commit_id":"dd4370dae1953ef0a5ea1200efd9de0dbf96fabf"}]}
