Todd M. Lewis wrote: > Unfortunately, the only available "someplace" to turn on encryption is > on the client. Turning on encryption on a client encrypts all traffic > bound to that client (most of it unnecessarily). Yet the same data > passes in the clear if another client accesses it. > > It would be a Good Thing if encryption were a per directory thing like > an ACL, enforced by the server, so you could make sure your sensitive > information was never passed in the clear. I have no idea how hard it > would be to implement an "encrypted directory" flag, but I suspect it > would mean breaking things. Would this be a reasonable thing to put on > the wish list?
It is a reasonable thing to add to the wish list.
I want to see an ability to add at the directory, volume and file server
level the ability to specify acceptable security classes and modes.
Today we have:
none
rxkad, clear
rxkad, encrypted
If the client request does not satisfy the security requirements,
an error is returned.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
