Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?
2010-11-18 12:34:56
On Nov 18, 2010, at 12:19 AM, Thomas Mueller wrote:
> On 18.11.2010 02:01, Dan Langille wrote:
>
>>>
>>> IMHO TLS is only used for the "control-channel" not for the "data-
>>> channel".
>>
>> Really? I hope not. Can you prove this?
>>
>
> ok maybe you're right. I've had in mind that it was not encrypted, but
> written is that the volumes written by sd are not encrypted. not the
> data transfer between fd and sd.

The TLS implementation supports encryption of all network communications
between all daemons.

> "The data written to Volumes by the Storage daemon is not encrypted by
> this code. "
>
> http://bacula.org/5.0.x-manuals/en/main/main/Bacula_TLS_Communications.html

Right -- this caveat is intended to explain that despite the network
communications being encrypted, the data actually written to the volume is not
encrypted -- i.e., anyone with physical access to the disk or tape can still read
its contents, but the data cannot be read off the wire by someone with a
network sniffer.

The data (but not meta-data) written to disk can be encrypted by the File
Daemon, but that is separate from the TLS support. Storage encryption in the
Storage Daemon is not currently supported (something we've discussed on the
list in the past).

-landonf
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
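
Added example, not part of the original message or the Bacula project's own files: a File Daemon resource that sets both mechanisms the thread distinguishes, TLS for data on the wire and PKI data encryption for file data written to the volume. The daemon name and all file paths are placeholders.

```conf
# bacula-fd.conf (File Daemon) -- constructed example; name and paths are placeholders
FileDaemon {
  Name = example-fd

  # 1) In transit: TLS on the network connections between daemons.
  #    Protects data on the wire only; it does not change what is
  #    written to the volume.
  TLS Enable = yes
  TLS Require = yes                          # do not fall back to cleartext
  TLS CA Certificate File = /path/to/ca.pem
  TLS Certificate = /path/to/fd-cert.pem
  TLS Key = /path/to/fd-key.pem

  # 2) At rest: PKI data encryption, performed by the File Daemon
  #    before the data leaves the client, so file data reaches the
  #    volume already encrypted. Meta-data is not covered.
  PKI Signatures = Yes
  PKI Encryption = Yes
  PKI Keypair = "/path/to/fd-keypair.pem"    # this client's public and private key
  PKI Master Key = "/path/to/master.cert"    # master public key only
}
```

The TLS directives also have to be set in the matching resources on the Director and Storage Daemon for the connections between them to be encrypted.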