From owner-freebsd-hackers@FreeBSD.ORG  Mon Nov 24 01:48:19 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 430F116A4CE; Mon, 24 Nov 2003 01:48:19 -0800 (PST)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B329643F3F; Mon, 24 Nov 2003 01:48:15 -0800 (PST)
	(envelope-from phk@phk.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.10/8.12.10) with ESMTP id hAO9mCDx017778;
	Mon, 24 Nov 2003 10:48:12 +0100 (CET)
	(envelope-from phk@phk.freebsd.dk)
To: Stefan =?iso-8859-1?Q?E=DFer?= <se@freebsd.org>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Mon, 24 Nov 2003 10:16:21 +0100."
             <20031124091621.GB1168@StefanEsser.FreeBSD.org> 
Date: Mon, 24 Nov 2003 10:48:12 +0100
Message-ID: <17777.1069667292@critter.freebsd.dk>
cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>
cc: Rayson Ho <raysonlogin@yahoo.com>
cc: freebsd-hackers@freebsd.org
Subject: Re: "secure" file flag? 
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2003 09:48:19 -0000

In message <20031124091621.GB1168@StefanEsser.FreeBSD.org>, Stefan =?iso-8859-1
?Q?E=DFer?= writes:

>Yes, probably. But encryption is only as good as key
>management and secure storage (and deletion) of keys. 
>How do you implement unattended reboot, if you consider
>unauthorized (physical) access to your system as one 
>of the attack scenarios to protect against ?
>(Not meaning, that secure erase would really solve
>that problem ...)

See my paper for a suggestion about using weak-link/strong-link
methods for that.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.