Todd M. Lewis wrote: > Unfortunately, the only available "someplace" to turn on encryption is > on the client. Turning on encryption on a client encrypts all traffic > bound to that client (most of it unnecessarily). Yet the same data > passes in the clear if another client accesses it. > > It would be a Good Thing if encryption were a per directory thing like > an ACL, enforced by the server, so you could make sure your sensitive > information was never passed in the clear. I have no idea how hard it > would be to implement an "encrypted directory" flag, but I suspect it > would mean breaking things. Would this be a reasonable thing to put on > the wish list?
It is a reasonable thing to add to the wish list. I want to see an ability to add at the directory, volume and file server level the ability to specify acceptable security classes and modes. Today we have: none rxkad, clear rxkad, encrypted If the client request does not satisfy the security requirements, an error is returned. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature