Re: new feature: client-side, server-side encryption dumptype option
2005-12-26 18:54:37
Jon LaBadie wrote:
Josef,
If I've not followed this thread accurately, accept my apologies.
My own personal summary is Greg suggested five combinations
of encryption were easily conceivable and when amanda adds
encryption each of the various combos should be accommodated.
Your view seems to me to be the combos tagged B, C, and D
offer no benefits over E and thus the amanda user should
be given only the choice of A (no encryption) or E.
I won't comment on the benefits of any combo, just say that
flexibility has been a hallmark of unix from its beginning.
Merely because I or you see no advantage to something does
not mean that no one else will. Or that someone's requirements
might force them to one combo or another.
It seems to me that allowing the flexibility is a win-win
situation. Aside from your opinion that combos B, C, and D
are redundant or inferior to E, what are your objections
to allowing the amanda user to make their own flexible choice?
My two cents on this topic would be a variation on how the client works;
I am not a crypto genius, or very good with the internals of Amanda.
But I think a process where the following definition could be used
would improve the possibilities for security:
define dumptype foo {
    Collect-server    # forces client to make reverse connection to collect
                      # dumptype info from server
    Type = HTTP       # protocol to use to collect dump type: HTTP; other
                      # options are HTTPS or others.
    # Options for handing to client when collecting dump type can be one or
    # more of the following as logic suggests:
    Option Key-Autogen                       # pass an auto-generated key to client
    Option Key-Location(/path/to/key)        # pass key at path to client
    Option Key-Manager(/path/to/key/manager) # run manager with client name
                      # and dle info and pass resulting key to client; could
                      # link to remote key store.
    Option Key(a-key-in brackets)
    Option Store-In-Archive   # tells client to store key in backup archive
                              # as preamble.
    Option Protocol(HTTPS)    # tells client to use HTTPS to dump archive to
                              # server; other protocols are possible, including
                              # normal amanda system.
    Option Crypto(crypto-app) # the app to use for encrypting the data and
                              # hence the algorithm; probably needs wrappers to
                              # make encryption uniform.
    Option (Pre-encrypt)      # pass through encryption before crypto; if not
                              # set, after crypto if encryption is set.
}
This way a secure connection can be made to collect any security
sensitive information, and the client need not store anything except
while running the backup.
Chris.
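As an added illustration of the dumptype proposal above (this is example code written for this page, not Chris's code and not part of Amanda), the script below parses a definition in the proposed syntax, checks the option combination against a few rules of my own that spell out what "as logic suggests" would have to mean (exactly one key source; the dumptype fetch and the dump upload over HTTPS, since the key travels with the dumptype; a flag on Store-In-Archive, because a key written as a plaintext preamble is readable by anyone holding the media), and then resolves the key on the client side for one run without persisting it. The option names are the message's own; the sample definitions, the `gpg` wrapper name, and the rule set are constructed assumptions.

```python
import re
import secrets

# Constructed sample: the proposed definition with the bracketed
# placeholders filled in. Option names are the ones from the message.
SAMPLE_OK = """define dumptype foo {
    Collect-server          # client fetches the dumptype from the server
    Type = HTTPS            # transport for that fetch
    Option Key-Autogen      # server generates a per-run key
    Option Crypto(gpg)      # hypothetical wrapper name (assumption)
    Option Protocol(HTTPS)  # transport for sending the dump back
    Option (Pre-encrypt)
}
"""

# Constructed sample with the combinations the checker should flag.
SAMPLE_BAD = """define dumptype bar {
    Collect-server
    Type = HTTP
    Option Key-Autogen
    Option Key-Location(/path/to/key)
    Option Store-In-Archive
}
"""

KEY_SOURCES = ("Key-Autogen", "Key-Location", "Key-Manager", "Key")


def parse_dumptype(text):
    """Parse one 'define dumptype NAME { ... }' block in the proposed syntax.

    Returns (name, settings) where settings is
    {"collect_server": bool, "type": str or None, "options": {name: value}}.
    Options without a parenthesised value get None.
    """
    m = re.search(r"define\s+dumptype\s+(\S+)\s*\{(.*)\}", text, re.S)
    if not m:
        raise ValueError("no dumptype definition found")
    name, body = m.group(1), m.group(2)
    settings = {"collect_server": False, "type": None, "options": {}}
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        key = re.split(r"[\s=]", line, 1)[0].lower()
        if key == "collect-server":
            settings["collect_server"] = True
        elif key == "type":
            settings["type"] = line.split("=", 1)[1].strip().upper()
        elif key == "option":
            opt = line[len("option"):].strip()
            # Accepts "Name", "Name(value)" and "(Name)" as in the proposal.
            om = re.fullmatch(r"\(?([A-Za-z][\w-]*)\)?(?:\s*\((.*)\))?", opt)
            if not om:
                raise ValueError("unparseable option: %r" % line)
            settings["options"][om.group(1)] = om.group(2)
        else:
            raise ValueError("unknown directive: %r" % line)
    return name, settings


def check_options(settings):
    """Return a list of problems with the option combination (my rules,
    not Amanda's; an empty list means the combination is acceptable)."""
    problems = []
    opts = settings["options"]
    sources = [k for k in KEY_SOURCES if k in opts]
    if len(sources) != 1:
        problems.append("exactly one key source required, got %s" % (sources or "none"))
    if settings["collect_server"] and settings["type"] != "HTTPS":
        problems.append("dumptype (and key) collected over %s, not HTTPS" % settings["type"])
    proto = opts.get("Protocol")
    if proto is not None and proto.upper() != "HTTPS":
        problems.append("dump uploaded over %s, not HTTPS" % proto)
    if "Store-In-Archive" in opts:
        problems.append("Store-In-Archive writes the key as a plaintext preamble; "
                        "anyone holding the media can read it")
    return problems


def resolve_key(settings, client, dle, key_files=None, key_manager=None):
    """Client-side key resolution for a single run. The key is only returned
    to the caller, never written anywhere, matching the proposal's aim that
    the client stores nothing between backups. Key-Autogen is simulated
    in-process here; in the proposal the server would generate it."""
    opts = settings["options"]
    if "Key-Autogen" in opts:
        return secrets.token_bytes(32)
    if "Key-Location" in opts:
        return (key_files or {})[opts["Key-Location"]]
    if "Key-Manager" in opts:
        return key_manager(opts["Key-Manager"], client, dle)
    if "Key" in opts:
        return opts["Key"].encode()
    raise ValueError("no key source configured")


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        name, cfg = parse_dumptype(sample)
        print(name, check_options(cfg) or "ok")
```

Running the script reports `foo ok` and three problems for `bar`: two key sources, a plaintext HTTP fetch of the dumptype, and the Store-In-Archive preamble.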