On Tue, Mar 14, 2017 at 03:26:57PM -0700, Henry B (Hank) Hotz, CISSP wrote:
> > On Mar 14, 2017, at 12:54 PM, Nico Williams <n...@cryptonector.com> wrote:
> > Good point, but actually restarting the daemons does not force a full
> > resync. You have to remove the iprop log file (on the master and/or the
> > slaves -- either works) to force a full resync.
> True. iprop will do a full download if the slave wants changes from a
> version older than the master has a record of.
> ipropd-master is a daemon, so I stand by my original statement. ;-)
Restarting it is not sufficient. You have to remove the iprop log too.
> > If you're not storing the master key on a different disk anyways, and
> > maybe even if you are, I would recommend just not encrypting the HDB at
> > all. As with MIT, only the principals' keys are encrypted, which leaves
> > you subject to cut-n-paste attacks by, e.g., your backups operator.
> > You should separately encrypt the backups/dumps.
> Probably, but encrypting the key material separately doesn’t seem like a bad
It's a waste of CPU cycles. It adds no real protection _by itself_
unless you're keying in the master key on daemon startup.