From: Steve Brown <sdbrown@annular.org>
To: questions@FreeBSD.org
Date: Wed, 23 Aug 2006 16:07:13 -0700
Subject: Re: Geli questions.. ponderings..
Message-ID: <20060823230713.GA61890@glycine.annular.org>
In-Reply-To: <54380.66.209.36.253.1156355078.squirrel@mail.totaldiver.net>
References: <54380.66.209.36.253.1156355078.squirrel@mail.totaldiver.net>
User-Agent: Mutt/1.4.2.1i

> The idea: I'd like to use geli to encrypt *everything* on the disk. So
> if someone (a competitor maybe) removes the disk from the machine, he
> can't gain any data off of it easily. I know nothing is 100%, but why
> make the process easy for him?

It seems like there is a more basic problem here than automating key downloading. If the end-user can boot up the box, then they have an opportunity to interfere with the boot process.
The code providing instructions to fetch a remote key would have to be in the clear, in which case the competitor could just use that code to get the remote key (since it would do so automatically on boot, I assume you're not requiring the client to call you for key authorization every time?) and then access the disk. The problem is wanting to automate the decryption process, I think.

Steve B.