Opinions wanted about encryption support in Cedar Backup
Hi,

In a private email, Dmitry Rutsky requested an enhancement to Cedar
Backup. Dmitry would like to see Cedar Backup encrypt the data written
to disc, so he won't have to worry about his private information lying
unprotected in his CD drive most of the time.

This does seem like a good idea, and in fact it's been in the back of my
mind for a while now.

I'd like to hear opinions from other users about whether you'd use this
functionality, and if so, how you would like it to work.

First, I am assuming that GPG is the obvious choice for encryption.
Anyone disagree?

Next, let's note that while encryption offers an improvement (in that
the backup on disc is now safer while sitting in a drive), there is also
a tradeoff (in that a key -- stored elsewhere -- would be required to
decrypt a backup). Additional configuration, such as importing public
keys on clients, may also be required.

With that out of the way, I see three options as to when the backed-up
data could be encrypted: at collect, stage, or store.

If we encrypt at the collect step, data is "safe" for as much of the
backup process as possible. However, extra configuration is required on
each client to import keys. Also, any collect-like extension would have
to implement encryption just like collect, which is a bit ugly.

If we encrypt at the stage step, we could either encrypt files
immediately when staging them from peers, or after all data has been
staged. In either case, staging directories would contain encrypted
data, but collect directories would not. Because of this, any existing
extension would fit into the process with no changes.

If we do it at the store step, we're saving the encryption task to as
late a point as possible. One advantage is that only the disc is
encrypted, making it easier to work with staging directories. One big
disadvantage is encrypt-on-store is difficult to implement. Among other
things, we'd have to build an encrypted copy of the data to create the
ISO image and use in the <check_data> step. The rebuild action would
also have to change.

Right now, I'm leaning toward having encrypted staging directories
because it's the simplest solution (i.e. gets me most of what I want
with the least chance of breaking something). I think I would create an
"encrypt" extension to run after stage and before store, so I don't have
to touch the standard actions at all. However, I'm keeping an open mind
and I'd like to see if anyone thinks there is a better solution.

Thanks!

KEN

--
Kenneth J. Pronovici <pronovic@ieee.org>
http://www.cedar-solutions.com/