Re: new feature: client-side, server-side encryption dumptype option
2005-12-20 07:32:55
On Sun, Dec 11, 2005 at 04:37:12PM -0800, Paddy Sreenivasan wrote:
> > [1] You need client-side encryption if you don't want your data flowing
> > unencrypted over the network.
> You can use ssh for server/client communication and server side data
> encryption.
While this is possible, I don't like it because it has two disadvantages:
1. You need to set up keys for both, ssh _and_ amanda.
2. You need to set up ssh keys either by storing the passphrase in
cleartext or use ssh-agent. Using ssh-agent has security-flaws, too.
In addition, with ssh-agent, you will need to type the passphrase
at least once after every reboot. Not very suitable for a
fully-automated backup-system, IMHO.
When you use a public key on the client to encrypt, you can lock away
the private key in a secure place. Both, transport _and_ storage will
be encrypted with such a setup.
--
No software patents in Europe -- http://nosoftwarepatents.com
-- Josef Wolf -- jw AT raven.inka DOT de --
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- Re: new feature: client-side, server-side encryption dumptype option, (continued)
- Re: new feature: client-side, server-side encryption dumptype option, Chris Lee
- Re: new feature: client-side, server-side encryption dumptype option, Greg Troxel
- Re: new feature: client-side, server-side encryption dumptype option, Brian Cuttler
- Re: new feature: client-side, server-side encryption dumptype option, Greg Troxel
- Re: new feature: client-side, server-side encryption dumptype option, Brian Cuttler
- Re: new feature: client-side, server-side encryption dumptype option, Greg Troxel
- Re: new feature: client-side, server-side encryption dumptype option, Brian Cuttler
- Re: new feature: client-side, server-side encryption dumptype option, Kevin Till
- Re: new feature: client-side, server-side encryption dumptype option, Geert Uytterhoeven
Re: new feature: client-side, server-side encryption dumptype option, Paddy Sreenivasan
- Re: new feature: client-side, server-side encryption dumptype option,
Josef Wolf <=
|
|
|