-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I sent this message on the 27th, and qmail logs show that it was sent out OK, was there an issue with the list manager? I did not see a copy or find one in a public archive. Make me wonder. Cheers! - ---Venkat. - ---------- Forwarded Message ---------- Subject: Re: Encrypted root with loop-aes on a server? Date: Wednesday 27 October 2004 08:29 am From: Venkat Manakkal <venkat@xxxxxxxxxxxxxx> To: linux-crypto@xxxxxxxxxxxx - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 26 October 2004 05:35 pm, Christian Kujau wrote: > what's the point in encrypting the root partition anyway? i know, this The point is someone at the data center cannot unplug the thing, pop the hard drives out and then return them two days later after making a mirror of the thing like they did with the Indymedia servers that were stolen from rackspace. See http://uk.indymedia.org/ if you have not heard. At least when you get it back you only have to recreate your boot partition from a trusted backup and trust the server again. Or let some judicial review and due process take place before handing over the keys (if you have a choice and are not in some gulag as is so common with our _in_justice system these days). Also, if only the client had the keys, then it would leave the ISP out of the loop. And again, it would be possible to create a server with ephemeral keys so that the data and the server is completely lost if powered down. I have not had time to work out this configuration with ssh yet. I think a better solution is to offer remote console access via blade servers for example, so that the client can have full control of the entire process remotely and be completely responsible for the server at all times. Anyone on this list interested in such a dedicated server solution? (In other words can I get some 10 interested people so that it becomes a business proposition?) Best regards, - - ---Venkat. - - ---------------------------------------------------------------------------- Venkat Manakkal venkat_AT_rayservers.com GPG: https://www.rayservers.com/keys/0x12430522.asc GPG: 0x12430522/4856 01AB F8BA E0EB F128 A57F 59D9 16FD 1243 0522 +1-607-546-7300 http://www.rayservers.com/ Computers. Installed Secure. - - ---------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBf5SgWdkW/RJDBSIRAm63AKDnywaBzmiVS0m9oPEAgcLtPKZLXACeKNZ7 /Ez2IL2ryELsK/+OVsVGqaI= =bBvb - -----END PGP SIGNATURE----- - ------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBhXiTWdkW/RJDBSIRAqw1AKC7XZl3Cs3KFinnIRUz2SdQAnNkZgCg2477 PX1rdOH1OtPuYZ+T6iEMYUM= =jlgI -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
