From 200fd3aa05174e109488f533d57db503d18ce25a Mon Sep 17 00:00:00 2001
From: David Steele <david@pgmasters.net>
Date: Fri, 4 Jan 2019 12:25:58 +0200
Subject: [PATCH] Clarify that encryption is always performed client-side.

Suggested by Bruce Burdick.
---
 doc/xml/reference.xml  |  2 +-
 doc/xml/release.xml    | 16 ++++++++++++++++
 doc/xml/user-guide.xml |  2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/doc/xml/reference.xml b/doc/xml/reference.xml
index ea122aa82..341a2db94 100644
--- a/doc/xml/reference.xml
+++ b/doc/xml/reference.xml
@@ -477,7 +477,7 @@
                         <ul>
                             <li><id>none</id> - The repository is not encrypted</li>
                             <li><id>aes-256-cbc</id> - Advanced Encryption Standard with 256 bit key length</li>
-                        </ul></text>
+                        </ul>Note that encryption is always performed client-side even if the repository type (e.g. S3) supports encryption.</text>
 
                         <default>none</default>
                         <example>aes-256-cbc</example>
diff --git a/doc/xml/release.xml b/doc/xml/release.xml
index 071996362..c5e7e0700 100644
--- a/doc/xml/release.xml
+++ b/doc/xml/release.xml
@@ -13,6 +13,17 @@
 
     <release-list>
         <release date="XXXX-XX-XX" version="2.09dev" title="UNDER DEVELOPMENT">
+            <release-doc-list>
+                <release-improvement-list>
+                    <release-item>
+                        <release-item-contributor-list>
+                            <release-item-ideator id="bruce.burdick"/>
+                        </release-item-contributor-list>
+
+                        <p>Clarify that encryption is always performed client-side.</p>
+                    </release-item>
+                </release-improvement-list>
+            </release-doc-list>
         </release>
 
         <release date="2019-01-02" version="2.08" title="Minor Improvements and Bug Fixes">
@@ -5994,6 +6005,11 @@
             <contributor-id type="github">scrummyin</contributor-id>
         </contributor>
 
+        <contributor id="bruce.burdick">
+            <contributor-name-display>Bruce Burdick</contributor-name-display>
+            <contributor-id type="github">baburdick</contributor-id>
+        </contributor>
+
         <contributor id="camilo.aguilar">
             <contributor-name-display>Camilo Aguilar</contributor-name-display>
             <contributor-id type="github">c4milo</contributor-id>
diff --git a/doc/xml/user-guide.xml b/doc/xml/user-guide.xml
index 7abb35b33..a67661d74 100644
--- a/doc/xml/user-guide.xml
+++ b/doc/xml/user-guide.xml
@@ -941,7 +941,7 @@
         <section id="configure-encryption">
             <title>Configure Repository Encryption</title>
 
-            <p>The repository will be configured with a cipher type and key to demonstrate encryption.</p>
+            <p>The repository will be configured with a cipher type and key to demonstrate encryption.  Encryption is always performed client-side even if the repository type (e.g. S3) supports encryption.</p>
 
             <p>It is important to use a long, random passphrase for the cipher key.  A good way to generate one is to run: <code>openssl rand -base64 48</code>.</p>