On Wed, 2007-08-15 at 11:36 -0700, Alan Wright wrote:
> I'll assume that's a rhetorical question, for now, based on your
> comment in another email that the currently defined password
> storage mechanism should be sufficient for this case. If password
> encryption is mandated as a requirement, we'll have to revisit
> this topic.
see my followup message; the passwords-in-files policy calls for the use
of (possibly reversible) obfuscation or encryption to reduce the impact
of accidental partial disclosure.
- Bill
