> I'll step back and ask: what's your threat model? What are you trying
> to protect against?

I'll +1 that.

I've done a few filesystem encrypted projects and watched many more being developed and in most cases the easiest part by far is to encrypt the bits before they hit the oxide (or the wire). Much, much harder is what I call policy (which files do I want to encrypt) and the closely related field of key management (which bits of which files are protected by which key, how do I distribute the keys, where are they stored, who gets to use which keys). A related issue is security: if a file is encrypted, is it safe to release it to another set of users? Many of these difficult problems become tractable once you have a threat model.

Don't get me wrong, plugging encryption onto an existing filesystem can be extremely challenging. Indeed it is such a challenge that the temptation is to declare victory once a file can be demonstrated to be encrypted. The trouble is, the job has only just started if your threat model is complicated enough (or not defined).

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
