The Unclear Impact

One thing to develop is an at-rest-encrypted WebDAV/CalDAV/CardDAV service.

When you interface with the server, you submit the password as Basic Auth.

Can just do symmetric encryption with that, or do the usual dance of encrypting a private key with the password to allow other sessions to add calendars or shit.

Public/Private is beneficial: Assign a set of public keys to a directory, and encrypt all new data to that set.

Then you can share files between accounts.

And it's all transparently decrypted when you access it, so all your clients work.

The only problem you have is if attackers have access to your server process memory. Then they can steal the private key from there while you're connected; it's not E2EE.
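The scheme described in the post above, as an added sketch that is not part of the original post: a per-account key pair whose private half is stored only wrapped under the Basic Auth password, and per-file keys wrapped to every public key assigned to a directory. It uses Node's built-in `crypto` module; the function names, the choice of RSA-OAEP with AES-256-GCM, and the sample data are assumptions made for illustration.

```javascript
// Added sketch, not code from the post. All function names are hypothetical.
const crypto = require('crypto');

// Account creation: the private key is stored only in password-wrapped form.
function newAccount(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase: password },
  });
  return { publicKey, wrappedPrivateKey: privateKey };
}

// Write path: needs only the directory's public keys, so any session can add
// data without a password. `recipients` maps account name -> public key PEM.
function encryptForDirectory(plaintext, recipients) {
  const fileKey = crypto.randomBytes(32);   // fresh key per stored object
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const data = Buffer.concat([c.update(plaintext), c.final()]);
  const wrappedKeys = {};
  for (const [name, pem] of Object.entries(recipients)) {
    wrappedKeys[name] = crypto.publicEncrypt({ key: pem, oaepHash: 'sha256' }, fileKey);
  }
  return { iv, tag: c.getAuthTag(), data, wrappedKeys };
}

// Read path: runs inside the server process with the Basic Auth password.
// The unwrapped private key and fileKey exist in server memory during this
// call, which is the exposure the post describes (not E2EE).
function decryptOnRequest(blob, name, wrappedPrivateKey, password) {
  if (!Object.hasOwn(blob.wrappedKeys, name)) {
    throw new Error('account is not in this directory key set');
  }
  const fileKey = crypto.privateDecrypt(
    { key: wrappedPrivateKey, passphrase: password, oaepHash: 'sha256' },
    blob.wrappedKeys[name]);
  const d = crypto.createDecipheriv('aes-256-gcm', fileKey, blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.data), d.final()]);
}
```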

Re: encryption

@juliank I think etebase solves this by encrypting everything client-side. the main downsides are that

  1. calendars/contacts/other stuff cannot really be shared with other users (this should be theoretically possible, e2e file sharing services like Tresorit can solve it, but the etesync protocol doesn’t handle it nevertheless)
  2. it doesn’t really speak *DAV, but you need to run a bridge locally that actually handles the encryption. but afaik the Protonmail bridge for IMAP works similarly