From 055b5a5a2c8a97de129c176ce157bef9e6c1cf1c Mon Sep 17 00:00:00 2001 From: distix ticketing system Date: Mon, 3 Jul 2017 07:50:06 +0000 Subject: imported mails --- .../Maildir/new/1499068206.M188946P16925Q1.koom | 121 +++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499068206.M188946P16925Q1.koom (limited to 'tickets') diff --git a/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499068206.M188946P16925Q1.koom b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499068206.M188946P16925Q1.koom new file mode 100644 index 0000000..ca8696a --- /dev/null +++ b/tickets/e438054ed0074cc2b9c85554d2504b38/Maildir/new/1499068206.M188946P16925Q1.koom 
@@ -0,0 +1,121 @@ +Return-Path: +X-Original-To: distix@pieni.net +Delivered-To: distix@pieni.net +Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) + by pieni.net (Postfix) with ESMTPS id 3533944667 + for ; Mon, 3 Jul 2017 07:48:57 +0000 (UTC) +Received: from platypus.pepperfish.net (unknown [10.112.101.20]) + by yaffle.pepperfish.net (Postfix) with ESMTP id E317941CB0; + Mon, 3 Jul 2017 08:48:56 +0100 (BST) +Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) + by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) + id 1dRw6K-0006KZ-TD; Mon, 03 Jul 2017 08:48:56 +0100 +Received: from [10.112.101.21] (helo=inmail2.pepperfish.net) + by platypus.pepperfish.net with esmtps (Exim 4.80 #2 (Debian)) + id 1dRw6J-0006KJ-Oe + for ; Mon, 03 Jul 2017 08:48:55 +0100 +Received: from palant.de ([88.198.212.187]) + by inmail2.pepperfish.net with esmtps + (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) + (envelope-from ) id 1dRw6I-0004XF-6M + for obnam-dev@obnam.org; Mon, 03 Jul 2017 08:48:55 +0100 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palant.de; + s=dkim201610; + h=Sender:Content-Transfer-Encoding:Content-Type:In-Reply-To: + MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; + bh=5kIig9Lgimvik+7aDCwa+8S1dQQicZbc/GVYcVWnHFQ=; b=vkXkGO3fRxS+52kdFmkKIxIbFM + UaJ5m/wI/k305DQDUVaM0gW6JAoFFv269HXOHszmmL7OhEuLGGm+5B0R8mz8WEjgSSYIVQi+ycXDZ + 3FtZKsLxmxgpBYo/bXVdhHPGu5fk+466qqaDgVQj9JKoaCtyrxm1gsGcKeiNjPAZ6KTg=; +To: Lars Wirzenius +References: <2d0a8c01-9f58-1ee7-7e20-53fe65d96718@palant.de> + <20170703050540.p5co243yxedvsaca@liw.fi> +From: Wladimir Palant +Message-ID: <23949c28-f4b0-04bb-d4b8-c6569c94820b@palant.de> +Date: Mon, 3 Jul 2017 09:48:45 +0200 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 + Thunderbird/52.1.1 +MIME-Version: 1.0 +In-Reply-To: <20170703050540.p5co243yxedvsaca@liw.fi> +Content-Type: text/plain; charset=windows-1252; format=flowed 
+Content-Language: en-US +Content-Transfer-Encoding: 7bit +X-Pepperfish-Transaction: 77be-bdaa-a662-de06 +X-Spam-Score: -3.1 +X-Spam-Score-int: -30 +X-Spam-Bar: --- +X-Scanned-By: pepperfish.net, Mon, 03 Jul 2017 08:48:55 +0100 +X-Spam-Report: Content analysis details: (-3.1 points) + pts rule name description + ---- ---------------------- -------------------------------------------------- + 0.4 PPF_WINDOWS_CHARSET Content-Type is in a Windows-* charset + -0.5 PPF_USER_AGENT User-Agent: exists + -1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain + -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% + [score: 0.0000] + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's + domain +X-ACL-Warn: message may be spam +X-Scan-Signature: 7f2245552c28d1e693ee8fc7a1f06879 +Cc: obnam-dev@obnam.org +Subject: Re: [rfc] Passphrase-based encryption +X-BeenThere: obnam-dev@obnam.org +X-Mailman-Version: 2.1.5 +Precedence: list +List-Id: Obnam development discussions +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Sender: obnam-dev-bounces@obnam.org +Errors-To: obnam-dev-bounces@obnam.org + +On 03.07.2017 07:05, Lars Wirzenius wrote: +> If you want this, you should write a plugin that adds symmetric +> encryption in addition to the PGP based on that Obnam currently +> provides. You should probably do it by only encrypting the symmetric +> encryption key that PGP encrypts. This would allow PGP and symmetric +> to be used on the same repo by different clients. + +Not really worth it as long as I'm the only one using that plugin, I'd +rather stay with my simple approach then. + +> I am afraid, however, that I am unlikely to accept the plugin into +> Obnam proper, since I don't think it makes things better. 
It's true +> that it will probably be easier to set up, but at the cost of more +> difficult key management. + +No problem, if it isn't a good match for the overall concept then so be it. + +> Backing up small files such as PGP keys is so easy I don't agree with +> that part of your argument. It's a matter of a few kilobytes. You +> could put the key into a QR code and print it on paper. + +My thought was rather encrypting it with a passphrase and storing next +to the actual backup. Doing this correctly turned out non-trivial, with +both GPG's own passphrase encryption and OpenSSL's enc tool using +suboptimal key derivation to say the least. + +> Also, environment variables can be read by other processes, just like +> command line arguments can be. See /proc/*/environ. The environ files +> are only readable by the owner, but it's still not a way to pass +> secrets, in my opinion. Defense in depth, and all that. + +There aren't too many ways to pass secrets and AFAIK none of them will +protect against other processes running with the same privileges. For +example, you could require the passphrase to be stored in a file +readable only by the owner - but this protection will be equivalent to +the way /proc/*/environ is protected (or GPG keys for that matter). + +regards +Wladimir + +_______________________________________________ +obnam-dev mailing list +obnam-dev@obnam.org +http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org -- cgit v1.2.1
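Review bot: the new file under Maildir/new/ commits the message with its full transport envelope rather than just the list post. The header block at the top of the hunk includes the complete Received chain (with the internal relay hops 10.112.101.20 and 10.112.101.21), the DKIM-Signature, and the whole X-Spam-Report table. If the ticket only needs the thread itself, consider filtering at import time so that From, To, Cc, Date, Subject, Message-ID, In-Reply-To and References are kept and the relay and scanner headers are dropped. If the raw message is stored on purpose, for example so signatures can be re-verified, a short note in the repository documentation would make that clear. Separately, the commit subject "imported mails" does not say which ticket or message was added. Including the ticket id e438054ed0074cc2b9c85554d2504b38 or the Message-ID would make the history searchable.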