Re: [Evolution-hackers] Cache encryption
- From: David Woodhouse <dwmw2 infradead org>
- To: Sankar P <psankar novell com>
- Cc: evolution-hackers gnome org
- Subject: Re: [Evolution-hackers] Cache encryption
- Date: Fri, 04 Mar 2011 12:58:08 +0000
On Fri, 2011-03-04 at 05:47 -0700, Sankar P wrote:
>
> Will it be not simpler if we can make Evolution use a custom location
> for cache, that the user/root can set ?
>
> That way, we don't have to write (and more importantly maintain) yet
> another encryption/decryption library and instead just use a different
> folder for storing all secret/confidential data, which can be a custom
> mount point which runs on encrypted partition.

I did look at that briefly. But I think it would have problems from both
the implementation and the user experience point of view.

With the encryption handled by e-d-s itself, it's all nice and
self-contained. When it needs a password it can *ask* for it. If it
wants to change the cache-encryption password to match the password for
the online account, then it can handle that too. It's all integrated and
works coherently.

If you start trying to co-ordinate it with an external thing like an
ecryptfs mount point, then there are a bunch of things you have to work
with which are essentially outside your control.

> From a distro point of view, libraries with security packages usually
> have extra maintenance overhead (Are you sure your package is not
> shipped to america-banned countries ? etc.) So I believe it will be a
> better idea if the [en/de]cryption capable packages are less in
> number.
I wasn't planning to do any of the actual crypto code directly in
Evolution; I was planning to use NSS for that. The additional
functionality would presumably live inside #ifdef CAMEL_HAVE_NSS, like a
lot of other code in e-d-s already does.
--
dwmw2