From owner-freebsd-geom@FreeBSD.ORG  Wed Feb  8 00:21:11 2006
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
X-Original-To: freebsd-geom@freebsd.org
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DF9CE16A420
	for <freebsd-geom@freebsd.org>; Wed,  8 Feb 2006 00:21:11 +0000 (GMT)
	(envelope-from gcubfg-freebsd-geom@m.gmane.org)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D85043D48
	for <freebsd-geom@freebsd.org>; Wed,  8 Feb 2006 00:21:10 +0000 (GMT)
	(envelope-from gcubfg-freebsd-geom@m.gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1F6d4y-0003zj-NO
	for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 01:21:04 +0100
Received: from 69-0-124-83.dsl.3u.net ([83.124.0.69])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-geom@freebsd.org>; Wed, 08 Feb 2006 01:21:04 +0100
Received: from christian.baer by 69-0-124-83.dsl.3u.net with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-geom@freebsd.org>; Wed, 08 Feb 2006 01:21:04 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-geom@freebsd.org
From: Christian Baer <christian.baer@informatik.uni-dortmund.de>
Date: Wed, 8 Feb 2006 01:20:00 +0100 (CET)
Organization: Convenimus Projekt
Lines: 15
Message-ID: <dsbdfg$c1t$1@nermal.rz1.convenimus.net>
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: 69-0-124-83.dsl.3u.net
User-Agent: slrn/0.9.8.1 (FreeBSD)
Sender: news <news@sea.gmane.org>
Subject: GELI -> What to encrypt?
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2006 00:21:12 -0000

Hi folks!

This question may seem a little strange, but don't hit me yet. :-)

I was just sitting here wanting to set up a new GELI-device when it
struck me: What should I encrypt exactly. If I were to use GBDE, the
usual concept is to encrpyt (only?) the actual partition ad2s1d. GELI
suggests to encrypt all of ad2. I guess I could partition the
pseudo-device then. Would I get something like ad2.gelis1d?

Does this have any advantages oder just encrypting the partition and if
so how important are these?

Cheers!
Chris