Ticket #83 (new defect)

Opened 5 years ago

Last modified 13 months ago

implement DAV interface

Reported by: lars Owned by: age
Priority: normal Milestone: cryptonas-live-cd 0.4.0
Component: live-cd Version: cryptobox-server 0.3.3
Severity: critical Keywords: dav encrypted transfer
Cc:

Description (last modified by age) (diff)

DAV allows encrypted file transfer and simple authorization, and seems to be supported by WebDAV clients for any major operating system (http://www.akadia.com/services/mod_dav.html; therefore we have to change the webserver to Apache).

(DAV was suggested by an anonymous commentary in the wiki)

Attachments

Change History

Changed 5 years ago by lars

just for history - a discussion of a comment from anonymous:

Comment by anonymous on Tue Nov 29 13:54:27 2005

Let me just make sure I understand correctly. The protected data is encrypted on the Cryptobox drive, but is available in clear on the network, between the cryptobox and the user. Right?

Comment by lars on Tue Nov 29 17:39:12 2005

Yes - the data is clearly transmitted over the network, as Windows clients do not support encrypted network shares yet.

Do you have suggestions on how to secure the file transfer in a platform independent way?

Comment by anonymous on Tue Nov 29 18:46:59 2005

I guess it depends on what matters most for your project. Given your tagline, "Privacy for the rest of us", data confidentiality could be paramount. Probably more important than pure ease of use.

If this is the case I would suggest either using SSH (Windows users can access files with an sftp/scp client, e.g. WinSCP; Linux clients can also use sshfs) or using an SSL-based VPN connection (e.g. OpenVPN).

Comment by lars on Tue Nov 29 21:34:35 2005

Good point.

Most of us interpret "Privacy for the rest of us" as "allow the non-technical user to protect him/herself". We believe that especially skilled Linux/BSD/??? users are able to use the encryption toolkit of their choice without help. So we focus on Windows users (without leaving interested users of other platforms behind).

A VPN connection would be great, but we still consider this too complicated (on the Windows client side) and maybe too unstable (our limited experience for servers).

We would be happy if you (or someone else) would help us to find a usable solution for this serious problem.

Comment by anonymous on Wed Nov 30 05:53:24 2005

As has been pointed out, the data is secure on the server, but vulnerable in transit. The screen shots show that activation is done through the browser with SSL. Why not use the same method to access files on the server? Most current browsers allow upload/download files through them using SSL. That would protect the data from source to desktop. It would not allow things like mapping drives however, but use of SSL may be an option for reaching files while out of the office, etc...

Comment by lars on Wed Nov 30 13:17:14 2005

From our point of view, the drive mapping feature is necessary for most users. We want to keep the barrier for inexperienced users as low as possible without compromising security. For this scenario we think that "power off"-security is more important than network security. Of course, it would be nice if we could achieve both aims.

Maybe we could continue this discussion on the mailing list? (cryptobox-dev-subscribe@…)

Comment by anonymous on Thu Dec 1 00:33:49 2005

Is that not the purpose of DAV? The last time I checked, Windows Explorer supports the DAV protocols which can be secured via SSL. Then again, also the last time I checked, DAV was non-intuitive to serve and Linux or BSD DAV clients are kludgy at best.

Comment by lars on Thu Dec 1 04:16:42 2005

Thanks for your hint!

I was not aware that Windows clients already support this protocol.

I think we will implement DAV at least as an alternative access method for v0.3 ...

Changed 5 years ago by age

  • description modified (diff)

Changed 4 years ago by age

  • milestone changed from Release 0.3 to bloatfeatures

Changed 4 years ago by lars

  • milestone changed from Wishlist to cryptobox-server 0.4

Changed 3 years ago by lars

  • status changed from new to assigned

Changed 3 years ago by age

  • owner changed from lars to age
  • status changed from assigned to new

Changed 3 years ago by age

  • milestone changed from cryptonas-server 0.4.0 to cryptonas-live-cd 0.4.0

With [1052] the webdav event scripts are working properly. But for the live-CD ssl has to be used.
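
The thread's conclusion is that DAV served by Apache only solves the cleartext-transfer problem when it runs over SSL. The following is an added example, not code from the ticket or from the CryptoNAS project: a small audit that flags Apache virtual hosts which enable DAV without `SSLEngine on`. The sample configuration is constructed, and the check assumes `SSLEngine` is set inside each `<VirtualHost>` of a single file (no includes or server-wide settings).

```python
import re

# Constructed sample Apache configuration (not taken from the CryptoNAS project).
SAMPLE_CONF = """
<VirtualHost *:80>
    <Location /dav>
        Dav On
        AuthType Basic
        Require valid-user
    </Location>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    <Location /dav>
        Dav On
        AuthType Basic
        Require valid-user
    </Location>
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the argument of the last uncommented `name` directive, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return hits[-1] if hits else None

def audit(conf):
    """Return (vhost address, problem) for each vhost that serves DAV without TLS."""
    findings = []
    for addr, body in VHOST_RE.findall(conf):
        dav = (directive(body, "Dav") or "off").lower()
        if dav == "off":
            continue  # DAV not enabled in this vhost
        tls = (directive(body, "SSLEngine") or "off").lower() == "on"
        if not tls:
            problem = "DAV enabled without SSLEngine on: files sent in cleartext"
            if (directive(body, "AuthType") or "").lower() == "basic":
                problem += "; Basic credentials also sent in cleartext"
            findings.append((addr.strip(), problem))
    return findings

if __name__ == "__main__":
    for addr, problem in audit(SAMPLE_CONF):
        print(f"{addr}: {problem}")
```

On the sample, only the `*:80` virtual host is reported; the `*:443` host with `SSLEngine on` passes.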
