From: Greg Rivers
To: Pawel Jakub Dawidek
Cc: Andrew Romero, freebsd-geom@freebsd.org
Subject: Re: geli external header (metadata)
Date: Sun, 9 Jun 2013 14:51:12 -0500 (CDT)
In-Reply-To: <20130609182457.GB2468@garage.freebsd.pl>
References: <51B31D42.2010801@gmail.com> <20130609182457.GB2468@garage.freebsd.pl>
List-Id: GEOM-specific discussions and implementations

On Sun, 9 Jun 2013, Pawel Jakub Dawidek wrote:

> On Sat, Jun 08, 2013 at 03:02:10PM +0300, Andrew Romero wrote:
> > Hi all
> > I made a patch to support of external header (metadata) on GEOM ELI (geli)
> >
> > System: FreeBSD 9-STABLE r250964 i386
> >
> > geli patch - http://pastebin.com/UGpnMN19
> > regression patch - http://pastebin.com/hJVkTpJZ
>
> I don't mean to discourage you, but every additional complexity comes at
> risk and in case of GELI this is security risk. What is missing in your
> work is explanation how is that useful for the users? How do you use it?
> First I need to understand and be convinced that this functionality is
> generally useful and thus is worth additional complexity and risk.
>

I can't speak for Mr Romero, but I imagine what he's after is plausible
deniability. The GELI metadata on a volume unambiguously declares it to
be encrypted data. Properly implemented, I think this could be a
worthwhile enhancement for certain applications or circumstances where
one may not wish to invite further scrutiny.

-- 
Greg Rivers