> If properly encrypted with an authenticated encryption mechanism
(2) Being on one's connection is the default assumption of the internet security model.
(3) Right, the confidentiality of the site's data from the site's user may not be critical. But if done properly it does allow the site to ensure that the data it stored has not been tampered with (except perhaps to drop it or replay it). Surely this can be useful.
> If properly encrypted with an authenticated encryption mechanism
(2) Being on one's connection is the default assumption of the internet security model.
(3) Right, the confidentiality of the site's data from the site's user may not be critical. But if done properly it does allow the site to ensure that the data it stored has not been tampered with (except perhaps to drop it or replay it). Surely this can be useful.