On Thursday 22 March 2012 20:53:57 Ivan Čukić wrote: > > then why dont you just encrypt everything? What would be wrong with that? > > In order for nepomuk and plasma active to work, the encrypted stuff > would need to be mounted on boot > - not everything is private, no need to encrypt everything > - no way to enter the password on a touch device before x starts, > leading to a lot of complications > - if it is mounted on boot, all data is accessible to all programs > that are running and all users of the device (not covering all the > use-cases PA wants to cover, including a theft of an already running > device) > > Encrypted folders are mounted *only* when the user is in a private > activity, and is encrypted using the password that is > activity-specific.
That sounds exactly like what we wanted achieve in KDE PIM back then as well. We had one crypto container for each of your private keys, so the index database was encrypted in exactly the same way as the original content, which means you can only access the indexed information when you are also able access the original content too (ie. your corresponding private key has been unlocked by password/smartcard/etc). IMHO it's a sound concept from the security and privacy POV. If we actually find a way to solve this problem, I'd be very interested in reviving the encrypted email indexing code :) regards, Volker
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Nepomuk mailing list [email protected] https://mail.kde.org/mailman/listinfo/nepomuk
