I've been pondering over this for a while, but since I'm a bit tight on
time, I'll drop this for discussion.

The current idea behind a password-protected ticket is to prevent access
from being granted if the ticket ID/URL is discovered by other means.

The ticket/grant ID space is already pretty large, and the ID is
generated using a pseudo-random salt, so it's quite unlikely that a
URL is discovered by chance. But given that IDs are potentially reused,
password protection offers an additional guarantee.

However, password protection doesn't offer anything beyond that. An
administrator can reset the password, as well as recover the data given
the ticket ID by just looking at the spool.

It would be very nice to use symmetric encryption in this case. When the
file is received, we could use a symmetric block cipher mode such as
aes-xts to encrypt the file backed up by the ticket. We could use the
known password hash for validation instead of validating the content, so
there's nothing "special" required to support it.

This would offer a pretty strong guarantee for the user. A
password-protected ticket cannot be recovered without a password. On a
potential security breach, the attacker won't be able to look at the
content either. On the downside, if the password is lost, the content is
lost as well. An administrator cannot help.

I was looking at PHP libraries, but I couldn't find any library that
offers a convenient (seekable!) API to perform aes-xts on a file. I'm
reluctant to use external tools, as this would further complicate the
setup and/or reduce the chance that this would be a *standard*
feature in a DL installation, and not something that would be easily
skipped.

Any hint would be appreciated.


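One way to build what the message sketches, written here as an added example that is neither DL's code nor anything posted in the thread: PHP's ext/openssl already exposes aes-256-xts, so the "seekable" part can be had without an external tool by treating each fixed-size sector of the spool file as one XTS data unit and using the sector number as the tweak (the IV argument in ext/openssl). The password is checked against a stored hash (a password_hash() value is assumed to stand in for DL's "known password hash") and never against the content, while the encryption key is re-derived from the password with PBKDF2 on every request, so neither the spool nor the database holds it. The dl_* function names, the 4096-byte sector, the KDF cost and the sample 4101-byte upload are all assumptions of this example.

```php
<?php
// Added example, not DL code. Sector size and KDF cost are assumptions to tune per deployment.
const DL_SECTOR = 4096;
const DL_KDF_ITERS = 100000;
const DL_BLOCK = 16; // AES block size; XTS needs at least one full block per data unit

// The key is re-derived from the password on every request and is never stored.
// hash_pbkdf2() with binary output yields the 64 bytes aes-256-xts wants (two AES-256 keys).
function dl_derive_key(string $password, string $salt): string {
    return hash_pbkdf2('sha256', $password, $salt, DL_KDF_ITERS, 64, true);
}

// The stored password hash (assumed to be DL's existing password_hash() value) gates access;
// it cannot be turned into the key, so an administrator or an attacker with the spool gains nothing.
function dl_open_key(string $password, string $salt, string $stored_hash): ?string {
    return password_verify($password, $stored_hash) ? dl_derive_key($password, $salt) : null;
}

// Sector i is XTS data unit i. A trailing remainder shorter than one AES block is folded
// into the previous sector: ciphertext stealing handles any unit length >= 16 bytes, but
// OpenSSL rejects shorter input, so files under 16 bytes would need separate handling.
function dl_sector_count(int $size): int {
    $n = intdiv($size + DL_SECTOR - 1, DL_SECTOR);
    $rem = $size % DL_SECTOR;
    if ($rem !== 0 && $rem < DL_BLOCK && $n > 1) {
        $n--;
    }
    return $n;
}

function dl_sector_range(int $size, int $i): array { // [offset, length] of sector $i
    $start = $i * DL_SECTOR;
    $end = ($i === dl_sector_count($size) - 1) ? $size : $start + DL_SECTOR;
    return [$start, $end - $start];
}

// One data unit, any direction. The tweak is the 64-bit little-endian unit number padded to
// 128 bits (IEEE 1619 convention). XTS is unpadded, so output length equals input length.
function dl_xts(string $key, int $sector, string $data, bool $decrypt): string {
    $tweak = pack('P', $sector) . str_repeat("\0", 8);
    $flags = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING;
    $out = $decrypt
        ? openssl_decrypt($data, 'aes-256-xts', $key, $flags, $tweak)
        : openssl_encrypt($data, 'aes-256-xts', $key, $flags, $tweak);
    if ($out === false) {
        throw new RuntimeException('aes-256-xts failed: ' . openssl_error_string());
    }
    return $out;
}

// Encrypt a spool file in place one sector at a time; the same loop can run while the
// upload is still being received, since each sector needs only its own number.
function dl_encrypt_file(string $key, string $path): void {
    $size = filesize($path);
    $fh = fopen($path, 'r+b');
    for ($i = 0, $n = dl_sector_count($size); $i < $n; $i++) {
        [$off, $len] = dl_sector_range($size, $i);
        fseek($fh, $off);
        $ct = dl_xts($key, $i, fread($fh, $len), false);
        fseek($fh, $off);
        fwrite($fh, $ct);
    }
    fclose($fh);
}

// Random access: decrypt only the sectors overlapping [$off, $off + $len), which is what
// an HTTP Range request or a resumed download needs.
function dl_read_at(string $key, string $path, int $off, int $len): string {
    $size = filesize($path);
    if ($off < 0 || $len <= 0 || $off + $len > $size) {
        throw new OutOfRangeException('range outside the file');
    }
    $last_sector = dl_sector_count($size) - 1; // a folded tail belongs to the last sector
    $first = min(intdiv($off, DL_SECTOR), $last_sector);
    $last = min(intdiv($off + $len - 1, DL_SECTOR), $last_sector);
    $fh = fopen($path, 'rb');
    $plain = '';
    for ($i = $first; $i <= $last; $i++) {
        [$s_off, $s_len] = dl_sector_range($size, $i);
        fseek($fh, $s_off);
        $plain .= dl_xts($key, $i, fread($fh, $s_len), true);
    }
    fclose($fh);
    return substr($plain, $off - $first * DL_SECTOR, $len);
}

// Usage on constructed data: a 4101-byte upload, i.e. one full sector plus a 5-byte tail
// that gets folded into it, read back across the fold with the right and the wrong password.
$path = tempnam(sys_get_temp_dir(), 'dl');
file_put_contents($path, random_bytes(4101));
$original = file_get_contents($path);
$salt = random_bytes(16);
$stored_hash = password_hash('correct horse', PASSWORD_DEFAULT); // what the ticket already keeps
dl_encrypt_file(dl_derive_key('correct horse', $salt), $path);
echo dl_open_key('wrong', $salt, $stored_hash) === null ? "wrong password rejected\n" : "FAIL\n";
$key = dl_open_key('correct horse', $salt, $stored_hash);
echo dl_read_at($key, $path, 4090, 11) === substr($original, 4090, 11) ? "range reads back\n" : "FAIL\n";
unlink($path);
```

Two caveats a deployment would want alongside this. XTS gives confidentiality only, not integrity, which is consistent with the message's point that validation goes through the password hash rather than the content, but it means a tampered spool file decrypts to garbage rather than failing cleanly. And because the salt and the password hash sit next to the ciphertext, an attacker who takes the spool can still guess passwords offline; the PBKDF2 cost and the password's strength are what bound that, not the cipher. OpenSSL 3 additionally refuses an XTS key whose two halves are identical, which a PBKDF2-derived key will not produce.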