[OpenAFS] encrypted volumes
Dirk Heinrichs
dirk.heinrichs@online.de
Fri, 6 Feb 2009 22:21:21 +0100
--nextPart2080950.gCY9xQCKCv
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Am Freitag, 6. Februar 2009 21:45:02 schrieb Christof Hanke:
> Sorry, but I think you see this from the wrong angle.
> The point I think here is to protect sensitive data even against admins,
> the guys who can read /vicep* anyway...
What prevents an admin from loggin in on the client machine to read the dat=
a=20
while the volume is mounted?
> Having said this, it is clear the encryption has to be on the client side.
I guess the best would be if it would happen at application level. Means: l=
et=20
application store their data as GPG-encrypted files directly.
Bye...
Dirk
--nextPart2080950.gCY9xQCKCv
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iD8DBQBJjKnX8NVtnsLkZ7sRAmppAJ4rQXl6sGsuCOp+Ydo3r9lgxBqIFgCfZRGr
SwE/RICCgYocRerwXZW1PvA=
=91Be
-----END PGP SIGNATURE-----
--nextPart2080950.gCY9xQCKCv--