From owner-freebsd-geom@FreeBSD.ORG  Thu Dec  2 17:24:12 2004
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9857116A4CE
	for <freebsd-geom@freebsd.org>; Thu,  2 Dec 2004 17:24:12 +0000 (GMT)
Received: from foo.nemo-project.org (foo.nemo-project.org [194.54.103.89])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4ABD543D45
	for <freebsd-geom@freebsd.org>; Thu,  2 Dec 2004 17:24:12 +0000 (GMT)
	(envelope-from terje+geom@elde.net)
Received: by foo.nemo-project.org (Postfix, from userid 1001)
	id AE8C6D9091; Thu,  2 Dec 2004 18:25:34 +0100 (CET)
Date: Thu, 2 Dec 2004 18:25:34 +0100
From: Terje Elde <terje+geom@elde.net>
To: Ivan Voras <ivoras@fer.hr>
Message-ID: <20041202172534.GW72822@calleigh.elde.net>
References: <41AF3FCE.1030405@fer.hr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <41AF3FCE.1030405@fer.hr>
User-Agent: Mutt/1.5.4i
cc: freebsd-geom@freebsd.org
Subject: Re: More geom classes?
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2004 17:24:12 -0000

On Thu, Dec 02, 2004 at 05:16:14PM +0100, Ivan Voras wrote:
> I think I misunderstood something. Do you propose this (for 2 disks):
> 
> for each block to be written:
> a) generate a block of random data
> b) write random data to first disk
> c) write random data xor user data to second disk
> 
> So, as long as any person has both disks, the data can be recovered. 
> Where's the security in that?

That you have a filesystem that's not edible unless you have both disks.
Typical usage would naturally be for two people to not have the same disks,
except for when the filesystem should be accessible.

A simple use-case could be using the filesystem to store CA root keys on.  The
filesystem would thus only be available when both (or all, og N of M) trusted
people cooperate in making it available.

Pendrives and similar storage could be useful.

Terje