On Nov 18, 2010, at 12:19 AM, Thomas Mueller wrote:

> On 18.11.2010 02:01, Dan Langille wrote:
> 
>>> 
>>> IMHO TLS is only used for the "control-channel" not for the "data-
>>> channel".
>> 
>> Really? I hope not. Can you prove this?
>> 
> 
> ok maybe you're right. i've had in mind that it was not encrypted, but 
> written is that the volumes written by sd are not encrypted. not the 
> data transfer between fd and sd.

The TLS implementation supports encryption of all network communications 
between all daemons.

> "The data written to Volumes by the Storage daemon is not encrypted by 
> this code. "
> 
> http://bacula.org/5.0.x-manuals/en/main/main/Bacula_TLS_Communications.html

Right -- this caveat is intended to explain that despite the network 
communications being encrypted, the data actually written to the volume is not 
encrypted -- ie, anyone with physical access to the disk or tape can still read 
its contents, but the data can not be read off the wire by someone with a 
network sniffer.

The data (but not meta-data) written to disk can be encrypted by the File 
Daemon, but that is separate from the TLS support. Storage encryption in the 
Storage Daemon is not currently supported (something we've discussed on the 
list in the past).

-landonf
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users