Andrew: > J.M. Porup: >> On Wed, Jun 29, 2016 at 02:30:34PM -0700, flux wrote: >>> My thoughts were more along the lines of mitigative travel protection >>> crossing borders and such. Like, you can boot to decryption but if the >>> device is seized, no valid decryption can actually be performed. But as you >>> say, depending on your situation that could be disadvantageous. I >>> additionally just enjoy the idea of separating keys from locks regardless >>> of the encrypted state of those keys. >> >> FWIW, I support this feature request as well. Search the archives for >> previous discussion early 2015 (Caspar Bowden indicated his support for >> the feature, before he passed.) >> >> Overreliance on a boot nuke feature would, as pointed out, be unwise. >> But as a journalist, I can easily imagine a scenario where I am crossing >> a border, am asked/ordered to decrypt my laptop, and I prefer to nuke >> the hard drive rather than comply. >> >> Sure, border officials might image the disk first, but how many laptop >> users have such a feature? >> >> I think of it like TLS. Arguing that X.509 certificate infrastructure is >> broken and not (very) trustworthy doesn't mean we should insist Qubes >> return to a non-HTTPS website. It's a layer of protection, one of many. >> >> So I support this feature request, while noting the priority is low. >> >> jmp >> > > [bullshit] > > Andrew >
Actually, I think I get it now. Tell me if I'm wrong. You want this to be a readily-accessible feature of Qubes. It's not that you want to prepare to cross borders: you cross borders in the course of your work. It's not even that you cross borders: you're generally mobile, and you're a potential target. It makes sense to have the ability to provide a quick failsafe if and when the need strikes. Still, I think the better solution is to implement plausibly-deniable per-VM encryption/hiding, as suggested when this topic came up back in 2015. Search for the qubes-users thread "Re: [qubes-users] feature request: luksAddNuke". Caspar actually supported this idea: > I would really like to see this implemented > > -- > Caspar Bowden > Qubes Policy Adviser" Does this, or do these, already have a tracking ticket? Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e021a2e-7bec-623d-bf02-35481ca817a3%40riseup.net. For more options, visit https://groups.google.com/d/optout.
