-----Original Message----- From: Jason Clinton
On Tuesday 14 December 2004 11:14, Brian Kelsay wrote:
That, my friend, was an awesome post. This may sound like
a simple thing
...
*chuckle* Thanks for the compliment! I'll add that to my list of awesome-projects-I'll-get-to-someday-soon. ;)
I second Brian's statement. I would only add one thing to that idea. I would make the script the default mount command and pass thru the mount command to the real mount command unless it was one of the "encrypted devices". Ok two things, I would also add an option to require a password or passphrase rather than just a public/private key scheme.
... easy to _not_ forget. Losing your private key is a very nasty proposition -- publishing revocation certificates is _not_ a fun thing.
Why is that? I would think you would want to do this every so often, to ensure a bit more security. Especially since it's relatively easy now to build a really powerful mainframe cheaply, that can do nothing but crack private/public keys. Not to mention the fact that the encryption techniques we thought were so secure turn out to have problems too.
When is there going to be another key signing event?
-
Brian Densmore