[EMAIL PROTECTED] wrote:
On 10/28/05, Joe Buehler <[EMAIL PROTECTED]> wrote:

Something of importance: putting sensitive information like ssh
private keys and PGP keys, etc. in AFS is a bad idea unless you have
encryption in there someplace.  The same is true for any network-based
filesystem.

Unfortunately, the only available "someplace" to turn on encryption is on the client. Turning on encryption on a client encrypts all traffic bound to that client (most of it unnecessarily). Yet the same data passes in the clear if another client accesses it.

It would be a Good Thing if encryption were a per-directory thing like an ACL, enforced by the server, so you could make sure your sensitive information was never passed in the clear. I have no idea how hard it would be to implement an "encrypted directory" flag, but I suspect it would mean breaking things. Would this be a reasonable thing to put on the wish list?
--
   +--------------------------------------------------------------+
  / [EMAIL PROTECTED]  919-962-5273  http://www.unc.edu/~utoddl /
 /     A bicycle can't stand alone because it is two-tired.     /
+--------------------------------------------------------------+
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
