Marc Schulz-Narres writes:
> Hello,
>
> I was wondering wether amanda traffic between client and server is
> transport encrypted.
>
> From the mailing list archive and Documentation I assume, that it is
> only encrypted if I use SSH as transport. Is that correct?
>
Or something like stunnel. Yes
Hello,
I was wondering wether amanda traffic between client and server is
transport encrypted.
From the mailing list archive and Documentation I assume, that it is
only encrypted if I use SSH as transport. Is that correct?
Best regards,
Marc
--
Marc Schulz-Narres
IT Security and Infrastr
; amanda-users@amanda.org
Subject: Re: Encryption information
Maybe
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.zmanda.com%2Findex.php%2FHow_To%3ASet_up_data_encryption&data=04%7C01%7CSimpsonD4%40cardiff.ac.uk%7C1d0bb264ba7b4f168ad008d97c15
Maybe https://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption is
what you are looking for?
On 20.09.2021 10:39, David Simpson wrote:
Looking for any useful information and scripts on encryption with Amanda
(and not hardware encryption done by the tape library itself).
thanks
Looking for any useful information and scripts on encryption with Amanda (and
not hardware encryption done by the tape library itself).
thanks
-
David Simpson - Senior Systems Engineer
ARCCA, Redwood Building,
King Edward VII Avenue,
Cardiff, CF10 3NB
David Simpson - peiriannydd
On 2020-05-19 23:56, Chris Hoogendyk wrote:
> I've seen discussions of amcrypt and pgp (I confess I haven't followed
> them closely), but is it possible to configure amanda to handle keys for
> the native LTO drive encryption?
It isn't really "configure amanda&qu
Il 19/05/20 23:56, Chris Hoogendyk ha scritto:
> is it possible to configure amanda to handle keys for
> the native LTO drive encryption?
I rarely trust some HW features like encryption, RAID and compression...
They tend to render the devices way less interoperable and make recovery
way har
I've seen discussions of amcrypt and pgp (I confess I haven't followed them closely), but is it
possible to configure amanda to handle keys for the native LTO drive encryption? If it makes a
difference, I have three different Amanda backup servers, two with LTO7 and one with LTO6. O
Using a dumptype definition like below on the server:
define dumptype client-pubkey-encrypt-comp {
...
compress client
encrypt client
client_encrypt "/usr/local/sbin/amcrypt-ossl-asym"
client_decrypt_option "-d”
..
}
makes public key dumping work fine - with no need for the private k
On 04/17/2013 02:25:05 AM, Sven Rudolph wrote:
Marcus Pless writes:
> I'm researching a possible LTO6 library purchase and we would very
> much like to take advantage of the encryption capabilities of the
> tape drives. My understanding is that this requires an Encryption
Marcus Pless writes:
> I'm researching a possible LTO6 library purchase and we would very
> much like to take advantage of the encryption capabilities of the
> tape drives. My understanding is that this requires an Encryption Key
> Manager server, which the library vendors are
I'm researching a possible LTO6 library purchase and we would very
much like to take advantage of the encryption capabilities of the
tape drives. My understanding is that this requires an Encryption
Key Manager server, which the library vendors are all too happy to
sell me. Is anyone act
...@gmail.com] *On
> Behalf Of *Prashant Joshi
> *Sent:* Tuesday, April 03, 2012 1:00 AM
> *To:* April Rosenberg
> *Cc:* amanda-users@amanda.org
> *Subject:* Re: Windows - ZWC Encryption
>
>
>
> Hi April,
> I am assuming that you are using a Community version of ZWC. Encryptio
Thank you, I am. I will look at upgrading.
April
*From:* prashant.zma...@gmail.com [mailto:prashant.zma...@gmail.com] *On
Behalf Of *Prashant Joshi
*Sent:* Tuesday, April 03, 2012 1:00 AM
*To:* April Rosenberg
*Cc:* amanda-users@amanda.org
*Subject:* Re: Windows - ZWC Encryption
Hi April
Hi April,
I am assuming that you are using a Community version of ZWC. Encryption is
not supported in the Community version of ZWC. It is only supported in the
Enterprise version. This is the reason why ZWCService is crashing when a
request for encrypted backup is sent by the Amanda server
Good Afternoon,
I am having a problem setting up encryption for my windows client. I have
been trying to research this, and I found some instructions, but I keep
getting “connection reset by peer”. The two folders who aren’t using
encryption work, so I believe my Amanda.conf file is correct
e ZFS, but i require fast (so
symmetric) encryption and the offsite storage pool should not be able to
access any cleartext data.
Is this possible with amzfs-sendrecv or would i need to stay with
amcrypt-ossl and tar etc. ?
You can keep the same encryption setting when you change the backup
applia
Hi,
i'm currently planning to migrate a FreeBSD UFS storage to ZFS. This
machine is currently running amanda 2.6.x server+client to create
encrypted backups on a NFS mounted offsite machine. It would be nice to
continue using amanda to backup the ZFS, but i require fast (so
symmetric) encry
> Just FYI, this exact message, using the same or similar user names, has
> been "spammed" to other forums as well. It appeared on
> Linuxquestions.org today just tacked onto a thread where I had been
> helping someone work through some issues with their Amanda
> configuration. It was the first p
users@amanda.org
Subject: Re: [Amanda-users] amanda 2.5.1 on FreeBSD encryption problems and
solution
Dustin J. Mitchell wrote:
> On Tue, Apr 7, 2009 at 7:37 AM, encryptionguru
> wrote:
>
>> I found about this PCI based hardware products from Indra Networks which can
>> ma
like good help.
I assume this is an encryption coprocessor, and it's worth noting that
this only helps if the apps Amanda is using for encryption are
compiled to support it.
+--
|This was sent by sameervit...@yahoo.co
sume this is an encryption coprocessor, and it's worth noting that
this only helps if the apps Amanda is using for encryption are
compiled to support it.
> +--
> |This was sent by sameervit...@yahoo.com via Backup Cent
I found about this PCI based hardware products from Indra Networks which can
make backup of Amanda faster and also encrypt the data. See if you find this
useful. I have not used this personally, but looks like good help.
+--
|T
This has come up in the past but so far I haven't seen an actual
solution ... does anybody have client side encryption working on
FreeBSD? I have it working fine with my linux clients and for now I'm
using server side encryption for the freebsd clients but it puts too
high a l
Nicki Messerschmidt writes:
> does anyone know a good tape library which supports hardware encryption
> under linux with amanda?
Any LTO-4 drive supports encryption, but you need special software to
control it.
An LTO FAQ (<http://www.lto-technology.com/About/faq.php>) says:
:
On Tue, 10 Feb 2009 at 8:51am, Nicki Messerschmidt wrote
does anyone know a good tape library which supports hardware encryption
under linux with amanda? I thought about an lto-4 drive but there seems
no linux support for the encryption part und gpg is too slow on this
machine... ;)
To second
hmm, seems to me if you are looking for a good tape library with
hardware encryption, you could probably more easily afford a faster
server running linux that would do the encryption. Since you need to
balance the server capabilities with the tape library, you might need
this anyway. I've
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
does anyone know a good tape library which supports hardware encryption
under linux with amanda? I thought about an lto-4 drive but there seems
no linux support for the encryption part und gpg is too slow on this
machine... ;)
Cheers
Nicki
7; = AES192, '2' = AES256
# 1 byte: '0' = SHA256, '1' = SHA384, '2' = SHA512, '3' = RMD160
# 24 bytes: random seed string
# remaining bytes are aespipe encrypted
# These definitions are only used when encrypting.
# Decryption will autodetect thes
2008 15:04
To: Johan Booysen
Cc: amanda-users@amanda.org
Subject: RE: gpg encryption
Johan,
My client and server are the same machine. My config looks the same as
yours. I had this working on an old system but not now. Did you
configure and compile amanda with any special settings?
he email I get from amanda has the error:
X.X.X export/home/pdc/maple lev 0 FAILED [data write: Broken pipe]
The amdump.1 file contains the error:
gpg: amanda: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
However, when I run the command, as amanda, gpg
I finally got encryption working a lot of trial and error thanks mostly
to Dustin Mitchell and asking questions on the gpg discussion list.
I gave up on aespipe because it just didn't seem to want to work on
Solaris. I then tried to use amgpgcrypt and finally got that to work.
Here are 2
Here it is and yes I have corrected the head and tail entries.
$ sh -x amaespipe
ENCRYPTION=AES256
HASHFUNC=SHA256
ITERCOUNTK=100
WAITSECONDS=1
AMANDA_HOME=/export/home/amanda
GPGKEY=/export/home/amanda/.gnupg/am_key.gpg
FDNUMBER=3
PATH=/usr/bin:/usr/local/bin:/sbin:/usr/sbin
+ export PATH
+ test
On Jan 7, 2008 3:09 PM, Paul Crittenden <[EMAIL PROTECTED]> wrote:
> Dustin,
> When I run amaespipe, by itself, I get the usage error message the first
> 2 times and then the third and subsequent times I get the following:
>
> # amaespipe
> bz2aespipe%10uu00MDGVU,T;M_I:)B&BXZQM1">Z$+MMVF5"@*K3TMV@&
users@amanda.org
Subject: Re: Amanda encryption
I assume that the '18' in the amdump logfile is coming from this line:
seedstr=`head 18 /dev/urandom | uuencode - | head -n 2 | tail -1`
and that this is probably a result of non-portable shell (or, in this
case, 'head') syntax.
-Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin
> J. Mitchell
> Sent: Friday, January 04, 2008 4:03 PM
> To: Paul Crittenden
> Cc: amanda-users@amanda.org
> Subject: Re: Amanda encryption
>
>
> On Jan 4, 2008 3:39 PM, Paul Crit
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin
J. Mitchell
Sent: Friday, January 04, 2008 4:03 PM
To: Paul Crittenden
Cc: amanda-users@amanda.org
Subject: Re: Amanda encryption
On Jan 4, 2008 3:39 PM, Paul Crittenden <[EMAIL PROTECTED]>
wrote:
> Well, sin
On Jan 4, 2008 5:12 PM, Paul Crittenden <[EMAIL PROTECTED]> wrote:
> Where does it say that aespipe is included in Amanda now and would I be
> better off reinstalling Amanda so it will hopefully overwrite the
> aespipe I installed?
If the version you installed overwrote that which came with Amanda
t: Re: Amanda encryption
On Jan 4, 2008 3:39 PM, Paul Crittenden <[EMAIL PROTECTED]>
wrote:
> Well, since I have received no response on my enquiry, I am assuming
> that either no one is using the encryption feature of amanda or I am
the
> only one to have this issue.
>
> Becau
On Friday 04 January 2008, Paul Crittenden wrote:
>Well, since I have received no response on my enquiry, I am assuming
>that either no one is using the encryption feature of amanda or I am the
>only one to have this issue.
>
>Because of the data I am trying to backup I have be
On Jan 4, 2008 3:39 PM, Paul Crittenden <[EMAIL PROTECTED]> wrote:
> Well, since I have received no response on my enquiry, I am assuming
> that either no one is using the encryption feature of amanda or I am the
> only one to have this issue.
>
> Because of the data I am tr
Well, since I have received no response on my enquiry, I am assuming
that either no one is using the encryption feature of amanda or I am the
only one to have this issue.
Because of the data I am trying to backup I have been charged with
making encrypted backups. I was hoping that Amanda would
I have amanda installed and working but now I am trying to set up
encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I
have followed the instructions from the URL:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
Everything installed fine but when I try to do I
I have amanda installed and working but now I am trying to set up
encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I
have followed the instructions from the URL:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
I got it all set up and the key created but now
Behalf Of Chris Hoogendyk
Sent: Tuesday, December 18, 2007 9:42 AM
To: Paul Crittenden
Cc: amanda-users@amanda.org
Subject: Re: Encryption with Amanda
Paul Crittenden wrote:
>
> I have amanda installed and working but now I am trying to set up
> encryption. I am using v2.5.2p1 on a Sun serve
Paul Crittenden wrote:
I have amanda installed and working but now I am trying to set up
encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I
have followed the instructions from the URL:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
Everything installed
I have amanda installed and working but now I am trying to set up
encryption. I am using v2.5.2p1 on a Sun server running Solaris 9. I
have followed the instructions from the URL:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
Everything installed fine but when I try to do
I'm using amanda 2.5 and followed the HowTo instructions to setup
encryption w/aespipe and gpg. I believe I've done everything correctly
and all components seem to work together nicely but when amanda runs it
fails to encrypt the data although it proceeds to back it up, only w/o
Good crypto will produce relatively random output data. Compressing prior
to encrypting if storing encrypted is typically a must.
--On October 30, 2007 6:06:09 PM -0500 [EMAIL PROTECTED] wrote:
In my (admittedly limited) experience with encryption and compression,
the rule of thumb has
In my (admittedly limited) experience with encryption and compression, the rule
of thumb has always been to compress first (removing exploitable redundancy and
pattern repetitions) and then encrypt. It also has the advantage that you are
encrypting less volume and reducing the exploitable
Brian Cuttler wrote:
Amanda users,
I may have missed it in the mailing list... I know that
encryption came available in 2.5.0, either server side
or client side, or the channel (though I think encrypting
on the client provides an encrypted channel by default, true ?)
Anyway, I was wondering
Amanda users,
I may have missed it in the mailing list... I know that
encryption came available in 2.5.0, either server side
or client side, or the channel (though I think encrypting
on the client provides an encrypted channel by default, true ?)
Anyway, I was wondering and haven't seen..
Takashi Kurakata wrote:
> Thank you for answering my question.
>
> >krb5keytab and krb5principal are global parameter, they are not
> >dumptype parameter.
> I deleted krb5keytab and krb5principal from dumptype.
>
> When I executed amcheck in the kerberos environment, the following
> messages were
>
to 2.5.2p1.
>
> Jean-Louis
>
> Takashi Kurakata wrote:
> > Hi all,
> >
> > I am using amanda that the bundle is being done by RHEL5 now.
> > The version of amanda is 2.5.0p2-4.
> >
> > I want to construct amanda with the krb5 encryption between the backup
&
of amanda is 2.5.0p2-4.
>
> I want to construct amanda with the krb5 encryption between the backup
> server and the backup
> client.
>
> When the "amcheck -c" command was executed, the following error
> messages were output.
>
> "/etc/amanda/DailySet1/
Hi all,
I am using amanda that the bundle is being done by RHEL5 now.
The version of amanda is 2.5.0p2-4.
I want to construct amanda with the krb5 encryption between the backup
server and the backup
client.
When the "amcheck -c" command was executed, the following error messages
w
le is being done by RHEL5 now.
> The version of amanda is 2.5.0p2-4.
>
> I want to construct amanda with the ssh encryption between the backup
> server and the backup
> client.
>
> When the amcheck command was executed, the following error messages
> were output.
> ---
gt;
> I want to construct amanda with the ssh encryption between the backup
> server and the backup
> client.
>
> When the amcheck command was executed, the following error messages
> were output.
>
> "/etc/amanda/DailySet1/amanda.conf", line xxx: dump t
Hi all,
I am using amanda that the bundle is being done by RHEL5 now.
The version of amanda is 2.5.0p2-4.
I want to construct amanda with the ssh encryption between the backup server
and the backup
client.
When the amcheck command was executed, the following error messages were
output
e can skip kerberos encryption
on some file systems.
We now run this for our amanda backups, and things go very well.
Thanks for adding this option.
We will keep an eye on releases and will build and test next stable
version with this option included.
Jean-Louis
/klas
Klas,
Try amanda-2.5.3alpha-kencrypt.tar.gz from
http://www.zmanda.com/community-builds.php
It add support for the DLE kencrypt option with krb5.
I don't know how to changer the encryption method.
Jean-Louis
Klas Heggemann wrote:
20 aug 2007 kl. 19.13 skrev Jean-Louis Martineau:
It's broken that krb5 encryption is a compile time flag rather than a
dumptype option. With 2.4 and krb4, it's a dumptype option. I fixed
2.5's krb4 encryption, but I think by leaving it on always, and my fuzzy
memory is that adding it on a per-dumptype basis required adding it
20 aug 2007 kl. 19.13 skrev Jean-Louis Martineau:
Klas Heggemann wrote:
Hi!
We are inte transition from amanda 2.4.2 to 2.5.2. We seem to have
a working
build and configuration. We've also switched from Solaris 9 to 10,
and newer
hardware.
However, with 2.5.2 encryption is no long
Klas Heggemann wrote:
Hi!
We are inte transition from amanda 2.4.2 to 2.5.2. We seem to have a
working
build and configuration. We've also switched from Solaris 9 to 10, and
newer
hardware.
However, with 2.5.2 encryption is no longer an option, when using
Kerberos 5 authentication
Klas Heggemann wrote:
Hi!
We are inte transition from amanda 2.4.2 to 2.5.2. We seem to have
a working
build and configuration. We've also switched from Solaris 9 to 10,
and newer
hardware.
However, with 2.5.2 encryption is no longer an option, when using
Kerberos 5 authentic
Hi!
We are inte transition from amanda 2.4.2 to 2.5.2. We seem to have a
working
build and configuration. We've also switched from Solaris 9 to 10,
and newer
hardware.
However, with 2.5.2 encryption is no longer an option, when using
Kerberos 5 authentication.
The backup server see
ars to backup 15 servers(AIX and
>SUN). It works perfectly. We asked to do backup encryption of one of
>the File Systems. Do we need to install a new package?. We use gpg
>encryption for other purpose. Ho to integrate it to Amanda?.
>Any help/suggestions will be greatl
cated
because the kernel developers want to switch to devmapper. Please
correct me and clarify if I'm wrong.
devmapper seems to be merged into the mainline Linux and loop-aes has
not. However, for the purpose of backup encryption, it's still a valid
solution. Debian and Gentoo distrib
op-aes is deprecated
> >because the kernel developers want to switch to devmapper. Please
> >correct me and clarify if I'm wrong.
>
> devmapper seems to be merged into the mainline Linux and loop-aes has
> not. However, for the purpose of backup encryption, it's s
make dictionary attack almost impossible given that the
passphrase is not in the wrong hand.
And it's a symmetric encryption and to facilitate automatic
backup, the passphrase has to be stored somewhere.
This is (one) of the reasons why I'd prefer a pubkey method: You don't
ha
gt;
> It illustrates the method of using multi-key which a strong point of
> aespipe.
OK, I see. "multi-key" was the magic word that (after some googling)
made me understand what's going on here. AFAICS, multi-keys can prevent
watermark-attacks? Are there more advantages t
Josef Wolf wrote:
Hello!
Now that 2.5.0b2 seems to run pretty stable, I'd like to try the new
encryption functionality. I've read wiki.zmanda.com/index.php/Encryption,
but have still some questions:
- What is the point to uuencode and encrypt (with gpg) random data to
genera
Hello!
Now that 2.5.0b2 seems to run pretty stable, I'd like to try the new
encryption functionality. I've read wiki.zmanda.com/index.php/Encryption,
but have still some questions:
- What is the point to uuencode and encrypt (with gpg) random data to
generate the key? Since the pas
Ian Turner schrieb:
On Tuesday 17 January 2006 06:10 am, you wrote:
You're making unwarranted assumptions about other people's situations,
and telling them what to do without even understanding their needs.
Even if you do understand, the policy choice is theirs to make. Some
people have data th
On Tuesday 17 January 2006 06:10 am, you wrote:
> You're making unwarranted assumptions about other people's situations,
> and telling them what to do without even understanding their needs.
> Even if you do understand, the policy choice is theirs to make. Some
> people have data that doesn't have
[horror stories about wayward tapes with client data]
If I had machines with such customer data, I'd probably choose
differently for that data. And I'd then be willing to spend the money
to ensure availability, which is then more challenging.
The above examples show that having unencrypted b
ago the bank ABN Amro has
lost a backup tape with data of 2 million credit users.
> > Really, I am trying to ask you to think about keeping transport and
> > storage encryption conceptually separate, even if you have a mechanism
> > that does both without any bits on the serve
rs, is to be able to get my bits
> back from tape when something bad happens, ranging from rm -rf / to a
> disk failing, to total loss of the building due to fire/flood/etc.
So you want the benefits of encryption but don't want to pay the price?
Sounds strange to me.
> So
> the
> > > Yes. Multiplexing the data streams/error stream/index stream
> > > over one connection is a good idea. Kevin Till has done some
> > > investigation in this area. I hope he will comment on this.
> >
> > The Kerberos 5 implementation in 2.5.0 actually does all this over
> > one tcp c
On 12/29/05, Todd Kover <[EMAIL PROTECTED]> wrote:
>
> > > Just because it's almost newyear, and I have seen The Light... (or
> > > was that just an illusion?)
> > >
> > > Some thoughts about the new proposed features, concerning:
> > >
> > > - multiplexing the data streams, error stream, ind
On Thu, Dec 29, 2005 at 04:18:09PM -0800, Kevin Till enlightened us:
> I agree with Paddy that ssh provides transport encryption and
> authentication. The only caveat is that the amanda binary needs to be
> installed at the same location in the server as well as in the client
> sin
On Thu, 29 Dec 2005, Kevin Till wrote:
> Another point I want to add is that while public-key encryption allows you
> to encrypt the data with just the public-key and store away the private-key.
> It does requires more computational resources, thus much slower than
> symmetri
at server really The One?
Currently needing kerberos I believe, which most people do not
even have!)
See above.
I agree with Paddy that ssh provides transport encryption and
authentication. The only caveat is that the amanda binary needs to be
installed at the same location in the server a
Brian Cuttler wrote:
The amanda disklist allows optional encryption, selected per DLE ?
Hi Brian,
the new encrypt option is added to dumptype. So yes, you can specify
encryption on some DLE but not others. You can also choose to encrypt on
the client *or* server side.
Can you say, never
> > Just because it's almost newyear, and I have seen The Light... (or
> > was that just an illusion?)
> >
> > Some thoughts about the new proposed features, concerning:
> >
> > - multiplexing the data streams, error stream, index stream, over
> > one TCP connection (this would make passing
On 12/29/05, Paul Bijnens <[EMAIL PROTECTED]> wrote:
>
> Just because it's almost newyear, and I have seen The Light...
> (or was that just an illusion?)
>
> Some thoughts about the new proposed features, concerning:
>
> - multiplexing the data streams, error stream, index stream, over
>one TCP
That makes sense, but if the protocol hasn't gained mindshare and the
code is static for 2 years, it may mean accepting BXXP maintainership
if amanda uses it.
There is also an efficiency issue.
--
Greg Troxel <[EMAIL PROTECTED]>
ity to backup data to tape that is
important, it is the ability to restore data from tape and make it
available again that is important.
If the client(s) and servers are on a secure network, perhaps in an
isolated room and you have security transport do you also need to
worry about encryption
Just because it's almost newyear, and I have seen The Light...
(or was that just an illusion?)
Some thoughts about the new proposed features, concerning:
- multiplexing the data streams, error stream, index stream, over
one TCP connection (this would make passing firewalls and NAT
so much e
I also know that protecting the keyring is of paramount inportance
in a security situation. All I could suggest is an unencrypted copy
of the root/critical systems with updated keyring and archived and
stored in a physically high security area. For that matter I think
any mission/critical
ions/observations occur.
>
> no worries, your comments are useful.
>
> > Concerning tape encryption but not addressing encryption during
> > transit between client and server I wonder about the following ?
> >
> > 1) I don't fully apreciate implications hav
Brian Cuttler <[EMAIL PROTECTED]> writes:
> I'm not meaning to make light or waste time but the following
> questions/observations occur.
no worries, your comments are useful.
> Concerning tape encryption but not addressing encryption during
> transit between client an
I realize I'm jumping into the middle here and not fully
understanding the issues but I have questions (and that is
just the sort of guy I am).
I'm not meaning to make light or waste time but the following
questions/observations occur.
Concerning tape encryption but not addressing
.
> >
> > With respect to confidentiality, no. But E is weaker than the cases
> > that don't encrypt tapes from the backup availability perspective.
>
> No doubt here. As long as encryption is an _option_, no one is forced
> to use it. Those who actually use encrypti
Jon LaBadie wrote:
Josef,
If I've not followed this thread accurately accept my apologies.
My own personal summary is Greg suggested five combinations
of encryption were easily conceivable and when amanda adds
encryption each of the various combos should be accomodated.
Your view seems
On Sat, Dec 24, 2005 at 03:22:09AM -0500, Jon LaBadie wrote:
> Aside from your opinion that combos B,C, and D
> are redundant or inferior to E, what are your objections
> to allowing the amanda user to make their own flexible choice.
I have no objections. It is just that
- implementing redunda
Josef,
If I've not followed this thread accurately accept my apologies.
My own personal summary is Greg suggested five combinations
of encryption were easily conceivable and when amanda adds
encryption each of the various combos should be accomodated.
Your view seems to me to be the co
> So E has no disadvantages here.
>
> With respect to confidentiality, no. But E is weaker than the cases
> that don't encrypt tapes from the backup availability perspective.
No doubt here. As long as encryption is an _option_, no one is forced
to use it. Those who actually use encrypt
ut, not having so makes interactive restores
harder. This really needs quite a lot of key management thought. But
later, I see that you intend to be able to implement cleartext on
tapes but with transport encryption via this.
It's broken from a security viewpoint to only configure this on the
ser
On Tue, Dec 20, 2005 at 09:03:50AM -0500, Greg Troxel wrote:
> Josef Wolf <[EMAIL PROTECTED]> writes:
> > On Mon, Dec 19, 2005 at 12:56:26PM -0500, Greg Troxel wrote:
> > > I think the essence is that while both are encryption, one is applied
> > > to transp
1 - 100 of 153 matches
Mail list logo