On Tue, Mar 14, 2017 at 03:26:57PM -0700, Henry B (Hank) Hotz, CISSP wrote:
> > On Mar 14, 2017, at 12:54 PM, Nico Williams <n...@cryptonector.com> wrote:
> > Good point, but actually restarting the daemons does not force a full
> > resync.  You have to remove the iprop log file (on the master and/or the
> > slaves -- either works) to force a full resync.
> 
> True. iprop will do a full download if the slave wants changes from a
> version older than the master has a record of.
> 
> ipropd-master is a daemon, so I stand by my original statement. ;-)

Restarting it is not sufficient.  You have to remove the iprop log too.

> > If you're not storing the master key on a different disk anyways, and
> > maybe even if you are, I would recommend just not encrypting the HDB at
> > all.  As with MIT, only the principals' keys are encrypted, which leaves
> > you subject to cut-n-paste attacks by, e.g., your backups operator.
> > 
> > You should separately encrypt the backups/dumps.
> 
> Probably, but encrypting the key material separately doesn’t seem like a bad 
> thing.

It's a waste of CPU cycles.  It adds no real protection _by itself_
unless you're keying in the master key on daemon startup.

Nico
-- 
