From: Brian Somers
To: Matthew Dillon
Cc: wsanchez@apple.com, Pat Dirks, Alban Hertroys, FreeBSD Hackers
Subject: Re: Apple's planned appoach to permissions on movable filesystems
Date: Sat, 09 Oct 1999 02:19:24 +0100
In-reply-to: Your message of "Thu, 07 Oct 1999 11:04:40 PDT." <199910071804.LAA95956@apollo.backplane.com>
Message-Id: <199910090119.CAA02474@hak.lan.Awfulhak.org>

[.....]
> Revisiting security now...
>
> A provision for public-key encryption of the data held on the disk (as
> well as the id itself) would be useful. Just encrypting the ID alone
> would not be useful.
>
> The distinction would then shift away from whether the media is removable
> or not (it would no longer matter as much) and instead assume that no
> unencrypted data can ever be trusted and encrypted data can be trusted
> insofar as the ID can be trusted.
[.....]

Too hard ! I would have thought the only practical way would be to
digitally sign the contents of the disk and then to validate the
signature before mount time.

IMHO this is nothing to do with the ability to mount removable media.
If the admin wants this level of paranoia (certainty ?) then {,s}he can
do it h{im,er}self... at the end of the day, root decides if the media
is ``local'', not the media.

--
Brian

Don't _EVER_ lose your sense of humour !