[OpenAFS-devel] [GSoC 2010] Encrypted storage
Rod Widdowson
rdw@steadingsoftware.com
Thu, 25 Mar 2010 08:54:01 -0000
> I'll step back and ask: what's your threat model? What are you trying
> to protect against?
I'll +1 that. I've done a few filesystem encryption projects and watched many more being developed and in most cases the easiest part by far is to encrypt the bits before they hit the oxide (or the wire). Much, much harder is what I call policy (which files do I want to encrypt) and the closely related field of key management (which bits of which files are protected by which key, how do I distribute the keys, where are they stored, who gets to use which keys).
A related issue is security - if a file is encrypted, is it safe to release it to another set of users?
Many of these difficult problems become tractable once you have a threat model.
Don't get me wrong, plugging encryption onto an existing filesystem can be extremely challenging. Indeed it is such a challenge that the temptation is to declare victory once a file can be demonstrated to be encrypted. The trouble is, the job has only just started if your threat model is complicated enough (or not defined).