In a lot of end-to-end encryption systems, revocation mainly affects future access; older keys can still decrypt older snapshots/ciphertext that were already synced.
For teams with long-lived data and real offboarding/lost-device scenarios: what approaches have worked in practice, and what tends to fail?
Things I’m considering / curious about: • scheduled key rotation and re-encryption • epoch-based keys (short-lived or on membership change) • how you handle clients that are offline for a long time • recovery and usability tradeoffs (and what users actually tolerate)
If you’ve built or operated something like this, I’d love to hear pitfalls, constraints (performance, bandwidth, support burden), or any references you found useful.
verdverm•1w ago
This is why you don't see it more ubiquitously. What you do see is individual data handled more this way.
A different approach would to not give individuals decryption keys for the data directly, rather give them access to a shared key JIT. This is how we generally operate with secrets in the cloud, and this would be doing the same to get access to the secret decryption key, preferably in a locked down env they do not control and have little permissions in, if even a human at all
allen-chen•1w ago
The JIT/shared-key approach makes revocation much cleaner, but it also shifts trust to a controlled environment rather than purely client-held keys. Have you seen this used beyond secrets (for large file sets), especially where offline access or long-lived clients are involved?
verdverm•1w ago
hit me up if you want to chat, same handle everywhere and at gmail
allen-chen•1w ago
At the permissions layer, I’m curious how much of that design you expect to carry over once decryption keys are involved.
Happy to follow up off-thread as well.
verdverm•1w ago
For what I'm doing, everything should carry over because the permission system doesn't care what data it is gating
The hard problem I'm working on now is content moving or gardening in the face of at-uri. Users want to be able to drag-n-drop things, i.e. move a doc from one folder to another to share with a lawyer (Google docs inspired)
Have you seen peergos? It's spiritually closer to what you are after, iiuyc
allen-chen•1w ago