Jon LaBadie wrote:
Josef,
If I've not followed this thread accurately accept my apologies.
My own personal summary is Greg suggested five combinations
of encryption were easily conceivable and when amanda adds
encryption each of the various combos should be accomodated.
Your view seems to me to be the combo's tagged B, C, and D
offer no benefits over E and thus the amanda user should
be given only the choice of A (no encryption) or E.
I won't comment on the benefits of any combo, just say that
flexibility has been a hallmark of unix from its beginning.
Merely because I or you see no advantage to something does
not mean that no one else will. Or that someone requirements
might force them to one combo or another.
It seems to me that allowing the flexibility is a win-win
situation. Aside from your opinion that combos B,C, and D
are redundant or inferior to E, what are your objections
to allowing the amanda user to make their own flexible choice.
My two cents on this topic would be a variation on how the client works;
I am not a crypto genius, or very good with the internals of Amanda.
But I think a process where the following deffinition could be used
would improve the possibilities for security:
>> define dumptype foo {
Collect-server #forses client to make reverse connection to collect
dumptype info from server
Type = HTTP # protocol to use to collect dump type:HTTP, other optopns
are HTTPS or others.
#Options for handing to client when collecting dump type can be one or
more of following as logic suggests:
Option Key-Autogen #pass an auto generated key to client
Option Key-Location(/path/to/key) #pass key at path to client
Option Key-Manager(/path/to/key/manager) #run manager with client name
and dle info and pass resulting key to client, could link to remote key
store.
Option Key(a-key-in brackets)
Option Store-In-Archive #tells client to store key in backup archive
as preamble.
Option Protocol(HTTPS) #tells client to use HTTPS to dump archive to
server other protocols are possible including normal amanda system.
Option Crypto(crypto-app) #The app to use for encrypting the data and
hence the algorithm, probably needs wrappers to make encryption uniform.
Option (Pre-encrypt) #pass through encryption before crypto, if not
set after crypto if encryption is set.
>>
>> }
This way a secure connection can be made to collect any security
sensitive information, and the client need not store anything exept
while running the backup.
Chris.
