[OpenAFS] Encryption in OpenAFS
KELEMEN Peter <fuji@elte.hu>
Tue, 26 Feb 2002 19:01:01 +0100
* Derek Atkins (derek@ihtfp.com) [20020226 11:01]:
> What key would you suggest the cache manager use to encrypt the
> cache? Where would that key be stored?
> Before you answer, keep in mind that the cache is long-lived and
> shared across all users on the machine.
Entering the theoretical field, and considering on-the-wire
encryption strength currently deployed, many security-by-obscurity
methods come to mind. I am not listing these here as valid ideas.
1. Kerberos host principal
2. user's Kerberos principal, after expiration cache contents
become invalid and unavailable
Probably there is still a misunderstanding here; I am not claiming
that we want cache encryption implemented. A situation dropped
on us where cache content encryption would have saved many work
hours. We are aware, I repeat, we are aware of why it cannot be
done properly and all implied problems. All I wanted to present
is that the original poster could really be in a similar situation
where he would look for a cache content encryption solution.
> PS: I agree with all the others -- if this is really an issue for
> you then you've got bigger problems than just the cache contents.
We *all* agree on this, except management as I mentioned in my
first e-mail.
I do not see why we should beat this dead horse any more.
Peter
--
.+'''+. .+'''+. .+'''+. .+'''+. .+''
Kelemen Péter / \ / \ / fuji@elte.hu
.+' `+...+' `+...+' `+...+' `+...+'