Re: [Evolution-hackers] Cache encryption

From: David Woodhouse <dwmw2 infradead org>
To: Matthew Barnes <mbarnes redhat com>
Cc: evolution-hackers gnome org
Subject: Re: [Evolution-hackers] Cache encryption
Date: Fri, 04 Mar 2011 12:25:36 +0000

On Fri, 2011-03-04 at 07:17 -0500, Matthew Barnes wrote:
> On Fri, 2011-03-04 at 11:55 +0000, David Woodhouse wrote:
> > On Fri, 2011-03-04 at 06:50 -0500, Matthew Barnes wrote:
> > > Can you go into more detail about why it's needed?  Would help me to
> > > better understand the use cases.
> > 
> > Mostly corporate paranoia. If your phone/tablet/laptop is stolen, the
> > data on it should not be stored in clear text. That would let the thief
> > read all your ultra-secret memo-list mails.
> 
> Would it not make more sense to encrypt files at the filesystem level
> rather than piecemeal through individual apps?  A quick Google search
> turns up several solutions for Linux.

We do have that option already. We've been using ecryptfs for that,
along with the PAM module that unlocks it automatically at login time.

> Perhaps it's a different story for mobile devices?

To a large extent, yes. The 'encrypt it all' solution means that you are
forced to unlock the device to do *anything* with it, while from a user
experience point of view we really do want to have a more fine-grained
approach which allows you to easily use the device for personal things
but just makes you unlock the *corporate* data before you access it.

-- 
dwmw2

Follow-Ups:
- Re: [Evolution-hackers] Cache encryption
  - From: Matthew Barnes

References:
- [Evolution-hackers] Cache encryption
  - From: David Woodhouse
- Re: [Evolution-hackers] Cache encryption
  - From: Matthew Barnes
- Re: [Evolution-hackers] Cache encryption
  - From: David Woodhouse
- Re: [Evolution-hackers] Cache encryption
  - From: Matthew Barnes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]