[OpenAFS-devel] [GSoC 2010] Encrypted storage

u-openafsdev-t07O@aetey.se
Thu, 1 Apr 2010 15:26:56 +0200


On Wed, Mar 31, 2010 at 04:04:27PM -0600, Spencer E. Olson wrote:
 
> how is this really different from, for instance,
> just using EncFS on top of AFS?

On Wed, Mar 31, 2010 at 10:36:05PM -0400, Jeffrey Altman wrote:

> essentially the same.  The difference is that EncFS, being a FUSE file
> system, is only available on a subset of the platforms that OpenAFS

Right, but not only that, even given a (hardly reliable) assumption
that a user is always guaranteed to find EncFS installed and configured
on the AFS client she has access to.

> supports.  One of the strengths of OpenAFS is that once data is stored
> on Linux it can also be accessed or modified on Solaris, Windows, MacOS,
> and many other file systems.

I would like to highlight the importance of path globality.  As soon
as EncFS relies on a separate (locally set up) mount it cannot provide
its data in the same name space as AFS.

AFS supports globally valid file names (via dynroot and DNS lookups),
in contrast to any file system which is to be locally mounted at an
arbitrary point.

To realize the importance of this, think of the Web. It wouldn't even
exist without globally valid resource names.

> One way of describing this project would
> be to implement EncFS as part of the OpenAFS cache manager.

I second this. It also would/should let the protected data remain in the AFS
file name space.

Rune