D. Hugh Redelmeier wrote, On 12/07/2007 01:22 AM:
| From: Robin Laing <Robin.Laing@xxxxxxxxxxxxxxx> ^^^^^^^^^^^^ Defence R&D Canada / R & D pour la défense Canada . Government of Canada | One issue with all this pre-compiled database is it makes things easy for | someone else to trace your actions. Yeah. Like the government :-) :-) | Maybe I am paranoid but I found that even | "locate" can reveal to much information that I don't want easily found. True. | I want to start encrypting everything on the laptop and many files on the | desktop. In your business, it would seem like a given. But perhaps not for what you actually do. Lack of encryption of exposed devices has recently gotten the UK government in trouble. http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm The Privacy Commissioner of Ontario has also ordered that notebook drives must be encrypted if they have "identifiable data" (what a term!): http://www.ipc.on.ca/index.asp?navid=55&fid1=607
If Red Hat/Fedora did not have what appears to be a "No crypto but ours(NSS)" stance[1], it might be possible to have support for encryption (using government supplied FIPS 140 compliant crypto devices, i.e., the CAC in the U.S) for many things[2] including a couple of encrypted file systems[3][4]. Or if they would at least incorporate those until they figure out how to make NSS work, it would be nice. Even if those solutions are not FIPS approved, it would allow an attempt at due care|diligence, to be easily worked out.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=186469#c11 [2] http://alon.barlev.googlepages.com/open-source [3] http://alon.barlev.googlepages.com/ecryptfs-pkcs11 [4] http://wiki.tuxonice.net/EncryptedSwapAndRoot -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter