Amanda-Users

Re: new feature: client-side, server-side encryption dumptype option

2006-01-05 11:35:57
Subject: Re: new feature: client-side, server-side encryption dumptype option
From: Josef Wolf <jw AT raven.inka DOT de>
To: Amanda Users <amanda-users AT amanda DOT org>
Date: Thu, 5 Jan 2006 17:27:18 +0100
> > I think it would be helpful for you to write out your assumptions
> > about threats.  I am relatively unconcerned with people getting access
> > to my tapes - they are locked up as well as the computers.
> 
> They are locked up _today_.  Do you know what will happen to them in a
> couple of months/years?  I remember at least two cases where big banks
> have lost tapes with sensitive data on them and no one knows where the
> tapes are or who has/had access to them.  How do you know that this
> will not happen to your tapes?

I just stumbled over yet another (current) case of lost backup tapes with
sensitive data on them: Look at http://www.heise.de/newsticker/meldung/67824
Since this page is in German, here's a short summary:

 Marriott Hotels has lost backups with address and credit card data of
 206000 customers.  [ ... ] A couple of weeks ago the bank ABN Amro has
 lost a backup tape with data of 2 million credit users.

> > Really, I am trying to ask you to think about keeping transport and
> > storage encryption conceptually separate, even if you have a mechanism
> > that does both without any bits on the server.

The above examples show that having unencrypted backups is not really a
good idea.  So please think once more about it.  The only sane way is
the client-encrypted public-key method.

-- 
No software patents in Europe -- http://nosoftwarepatents.com
-- Josef Wolf -- jw AT raven.inka DOT de --