From: Bruno Lauzé
To: "freebsd-geom@freebsd.org"
Subject: GELI Passphrase Providers
Date: Fri, 8 Nov 2013 18:03:01 -0500

Right now, there's only "cngets" used to provide passphrase for GELI disk encryption.
In the future, considering embedded solutions, and cloud data centers, co-location, etc.,
would different geli passphrase providers be planned?

One thing that I dream of (for embedded projects):

While prompting the passphrase on the console, have some settings in loader.conf to
provide an iface, ip, netmask gateway to mount and implement a Single Packet Authorization mechanism with IPSec.

The impossibility to be on-site to enter passphrase prevents disk encryption for multiple scenarios, and in my humble opinion, those are the same scenarios where encryption is mandatory like embedded Device in the wild, co-location, Off-site servers... even bhyve...

Of course, I know IPMI or KVM solutions are possible, just wondering if we oversee any solutions without those required.

Any opinions?