Date: Mon, 5 Oct 2020 11:39:53 -0400 From: Eric McCorkle <eric@metricspace.net> To: Alan Somers <asomers@freebsd.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Mounting encrypted ZFS datasets/GELI for users? Message-ID: <630f9133-4f67-92bd-41f9-fb04d985c159@metricspace.net> In-Reply-To: <CAOtMX2hbt-2MBryLUJLU9CLgvZO29vNzMwtSrR1YXvknHFaGjA@mail.gmail.com> References: <8d467e98-237f-c6a2-72de-94c0195ec964@metricspace.net> <CAOtMX2hbt-2MBryLUJLU9CLgvZO29vNzMwtSrR1YXvknHFaGjA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JIE9tOMMIY2I4L9QZydIV914Rt1cKjLGF Content-Type: multipart/mixed; boundary="AFKY7f1UhzhyX5jcwKO4MDJd8xD39Xhsc" --AFKY7f1UhzhyX5jcwKO4MDJd8xD39Xhsc Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 10/5/20 11:12 AM, Alan Somers wrote: > First of all, what kind of thread are you concerned with?=C2=A0 Disk > encryption does not protect against an attacker with access to a live > machine; it only protects against an attacker with access to an off > machine, or to the bare HDDs.=C2=A0 Per-user encryption would presumabl= y > protect one user from another user who has physical access to the off > server.=C2=A0 Is that what you're worried about?=C2=A0 If not, then you= shouldn't > bother with per-user encryption.=C2=A0 Just encrypt all of /home or all= of > the pool with a single key. >=20 > -Alan I am evaluating options for domains where use of per-user encryption is mandated, often as a means of protecting against insider threats. --AFKY7f1UhzhyX5jcwKO4MDJd8xD39Xhsc-- --JIE9tOMMIY2I4L9QZydIV914Rt1cKjLGF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQ9+4mhuzHQx7ikjAs846Nm3BBWrAUCX3s+SQAKCRA846Nm3BBW rD1ZAP0cyNlO1ThkquVputKoaz57If/nxQUSeVBManOYOFgrkwEAxFA27duQuNjU XEh7WZMbXR7QssgK/OR1uJAGdh7I8A0= =rncG -----END PGP SIGNATURE----- --JIE9tOMMIY2I4L9QZydIV914Rt1cKjLGF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?630f9133-4f67-92bd-41f9-fb04d985c159>