MNThomson
commented
1 month ago The spec calls for:
- Encryption at rest: The SSD that the preview/production environment database is running on has full disk encryption (the local development does not require encryption)
- Encryption in transit: All communication on the external internet is encrypted using TLS
Encrypting data in memory/database is pointless:
- Listing: all the data in the listings table is accessible from the public listing, so there's no need to "protect" any of it (public data is obviously not sensitive).
- User: all data in the user table is public except for the email address. However, emails are generally considered public information and we also need to be able to send the user emails (so we have to be able to view emails, meaning we can't use client keys to encrypt that data)
- Messages: now realistically we could encrypt the messages stored in the database, but there seems to be so explicit reason to do so. The messages exchanged on Martletplace won't be "sensitive" (e.g. negotiating a price for a squash raquet) and follow the standard that SnapChat, Facebook Marketplace, Discord, etc... follow (no encryption)
cc: @TobySMurray
Feature Description
All message data needs to be encrypted at rest. The team will investigate methods for doing this.
Problem You're Trying to Solve
Messages can contain private information that should be kept private.