[OpenAFS-devel] [GSoC 2010] Encrypted storage

Derrick Brashear shadow@gmail.com
Wed, 31 Mar 2010 21:15:00 -0400


On Wed, Mar 31, 2010 at 6:04 PM, Spencer E. Olson <olsonse@umich.edu> wrote:
> Pardon my intrusion into the discussion, but I've been following this with
> mild interest and am wondering about the scope of what is proposed.
> For example, if we just want to worry about encrypting so that a single user's
> files are protected with a key held by that user (or the user's client), how
> is this really different from, for instance, just using EncFS on top of AFS?

All the people who don't have FUSE should, I guess, run VMware? What
about the platforms that don't support that either?

> I currently do this with no problems and the admins, or anyone else for that
> matter, certainly can only see gobble-dee-gook when they look at my files.
>
> If the scope of this effort is intended to be much broader than this,

Like, say, the other N platforms....

> then it seems that the real issue really is in the (auto)magic management of keys and
> policies.

Seems not.

> I certainly agree with what has already been stated about the
> clients doing any encryption necessary. It would, on the other hand, be
> pretty cool if the key-management were implemented such that the user could
> specify other users/groups that can have access to the encrypted data.

Something like that seems like it could be added, but not until you
have the basics. This project was proposed for that.
Scope creep can be next year's GSoC, maybe?

> I think someone already suggested something like this where the common
> encryption key of the file contents is encrypted for each user with their own
> public key (speaking in terms of PKI language).