On 25 Mar 2010, at 08:54, Rod Widdowson wrote: >> I'll step back and ask: what's your threat model? What are you trying >> to protect against?
The threat model is pretty clear, I think. It's for an environment where users want to be able to store files in a way that a server administrator cannot read them. That is, they trust the server to store the data they give it (and to back it up, etc) but they don't trust it not to eavesdrop on those contents, or to not disclose them to a third party. In GSoC, the problem I think is tractable is the single user case, modelled around a user who wishes to encrypt their home directory so that it cannot be read without access to their key. In my environment, this is functionality that is regularly requested. It has the additional benefit that it allows some of the harder issues around key management to be deferred. Cheers, Simon. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
