Re: Fwd: Re: Encrypted root with loop-aes on a server?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Venkat Manakkal wrote:
> I sent this message on the 27th, and qmail logs show that it was sent out OK, 
> was there an issue with the list manager? I did not see a copy or find one in 

me neither....

> On Tuesday 26 October 2004 05:35 pm, Christian Kujau wrote:
> 
>>>what's the point in encrypting the root partition anyway? i know, this
> 
> The point is someone at the data center cannot unplug the thing, pop the hard
> drives out and then return them two days later after making a mirror of the
> thing like they did with the Indymedia servers that were stolen from
> rackspace. See http://uk.indymedia.org/ if you have not heard.

yes, i've heard about this issue but i need to read on to get your point.

> At least when you get it back you only have to recreate your boot partition
> from a trusted backup and trust the server again.

yes, one would just re-image the hd with the trusted backup and it
probably saves install time.

i fail to parse your message here and hence fail to understand why it
should be necessary to encrypt the _operating system_ part of the hd:

> Or let some judicial review
> and due process take place before handing over the keys (if you have a choice

handing over the keys for /usr/lib? sure, i'd hand them out ;-)

> and are not in some gulag as is so common with our _in_justice system these
> days). Also, if only the client had the keys, then it would leave the ISP out
> of the loop.

i doubt the ISP would be asked to make a copy of /sbin for the feds.

> And again, it would be possible to create a server with
> ephemeral keys so that the data and the server is completely lost if powered

how is losing /etc going to help here? we have to set it up all again when
we get back the server. remember, i'm not speaking about *data* parts
here. losing parts of sensitive data (making it unrecoverable with
ephemeral keys could make sense if the worst case happens). i was speaking
about the *operating system* part.

> I have not had time to work out this configuration with ssh yet. I think a
> better solution is to offer remote console access via blade servers for
> example, so that the client can have full control of the entire process
> remotely and be completely responsible for the server at all times. Anyone on
> this list interested in such a dedicated server solution? (In other words can
> I get some 10 interested people so that it becomes a business proposition?)

already offered by many hosters.

thanks,
Christian.
- --
BOFH excuse #1:

clock speed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBhrcZ+A7rjkF8z0wRAvSUAJsHfLnCz7xWvLoQpsriHYPAHgUeWQCfUWnO
8mrv1+GWn9u/h0swrTgym5A=
=NJLg
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

