Date: Sat, 09 Oct 1999 02:19:24 +0100 From: Brian Somers <brian@Awfulhak.org> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: wsanchez@apple.com, Pat Dirks <pwd@apple.com>, Alban Hertroys <dalroi@wit401310.student.utwente.nl>, FreeBSD Hackers <FreeBSD-Hackers@FreeBSD.ORG> Subject: Re: Apple's planned appoach to permissions on movable filesystems Message-ID: <199910090119.CAA02474@hak.lan.Awfulhak.org> In-Reply-To: Your message of "Thu, 07 Oct 1999 11:04:40 PDT." <199910071804.LAA95956@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[.....]
> Revisiting security now...
>
> A provision for public-key encryption of the data held on the disk (as
> well as the id itself) would be useful. Just encrypting the ID alone
> would not be useful.
>
> The distinction would then shift away from whether the media is removable
> or not (it would no longer matter as much) and instead assume that no
> unencrypted data can ever be trusted and encrypted data can be trusted
> insofar as the ID can be trusted.
[.....]
Too hard ! I would have thought the only practical way would be to
digitally sign the contents of the disk and then to validate the
signature before mount time.
IMHO this is nothing to do with the ability to mount removable media.
If the admin wants this level of paranoia (certainty ?) then {,s}he
can do it h{im,er}self... at the end of the day, root decides if the
media is ``local'', not the media.
--
Brian <brian@Awfulhak.org> <brian@FreeBSD.org>
<http://www.Awfulhak.org>; <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910090119.CAA02474>