docs: add compression design constraints
Some checks failed
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Failing after 21s
CI / Security Tests (push) Has been skipped
Some checks failed
CI / Lint & Format (push) Failing after 16s
CI / Unit Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / SBOM Generation (push) Has been skipped
CI / Security Scan (push) Failing after 21s
CI / Security Tests (push) Has been skipped
Compression must be paired with encryption (compress-then-encrypt) to prevent bypassing entropy enforcement via compress-only uploads.
This commit is contained in:
Username
3
TODO.md
3
TODO.md
@@ -9,6 +9,9 @@ Unstructured intake buffer for ideas, issues, and observations. Items here are r
|
||||
- Paste compression for large text content
|
||||
- Must mark compression in URL fragment (e.g., `#z:<key>` or `#<key>:z`)
|
||||
- Receiver needs to know content is compressed before decryption
|
||||
- Design: compress-then-encrypt only (not compress-only)
|
||||
- Compressed data has high entropy → bypasses entropy enforcement
|
||||
- Must enforce encryption when compression enabled (CLI-side)
|
||||
- ETag support for conditional requests
|
||||
- Neovim/Vim plugin for editor integration
|
||||
- Webhook notifications for paste events
|
||||
|
||||
Reference in New Issue
Block a user