Date: Fri, 29 May 2020 05:15:50 -0400
From: Eric McCorkle <eric@metricspace.net>
To: freebsd-hackers@freebsd.org
Subject: Re: Researching for proposals: trust and proactively-secure filesystems
Message-ID: <210b23c9-25f0-d965-ba23-34f459b93fe2@metricspace.net>
In-Reply-To: <c3ace90a4c79b9f3f76709114deced87@udns.ultimatedns.net>
References: <c3ace90a4c79b9f3f76709114deced87@udns.ultimatedns.net>

On 5/28/20 1:07 PM, Chris wrote:
> I think it's a wonderful concept. +1 on that.
> How much overhead do you suppose this might impose?

I don't imagine it would be much, just the usual cost of disk encryption. If you're decrypting disk pages only on demand and purging them from memory when done, that would impose some cost, but presumably anyone with that level of security needs wouldn't care.

> Would your concept permit the ability to simply insert say a USB device
> (stick) with the required material, and be done with it? IOW require no
> additional effort/action(s) on the administrators part?

That would be one way of doing it. Given the level of security implied by these proposals, I'd imagine you'd want the actual cryptographic material to reside on some kind of smart card or HSM. I could see the public key technique I described being used to unlock a credential store.

> Thanks for taking something like this on! I think it's a great idea.

To be clear, these are ideas for an R&D proposal I'm developing. There's no guarantee it will be funded.