Re: [Gnu-arch-users] oh the heck with it -- tla-1.2pre0

[Brian May]

>>>>> "Tom" == Tom Lord <address@hidden> writes:

    Tom> The only argument against I see left is that while encryption
    Tom> of changesets, import copies, CONTINUATION files, log
    Tom> messages, archive-cached revisions and (perhaps) checksum
    Tom> files is easy -- encryption of category, branch, version, and
    Tom> revision _names_ is not.  That's why wonder if a VPN isn't a
    Tom> better solution.

With vpn/sftp, if somebody breaks into the server, they get to read
access to everything.

With this method, if somebody breaks into the server, all they get
access to are the encrypted files. The server doesn't even need the
key to decrypt them. In fact, the server, doesn't even need the key to
encrypt them (a possible aid in attacking the public key encryption
scheme).

Of course, the counter argument is that if somebody breaks into *one*
of the client machines, you will (potentially) be able to access
everything anyway, this hasn't changed. However, at least the server
is better protected. Depending on the application, the server could be
the machine most at risk anyway.

If you needed to use this method, I think you would only allow a very
limited number of clients access (as the more clients have access, the
more likely one of them will deliberately/accidently leak the
information).
-- 
Brian May <address@hidden>