On Nov 18, 2010, at 12:19 AM, Thomas Mueller wrote: > On 18.11.2010 02:01, Dan Langille wrote: > >>> >>> IMHO TLS is only used for the "control-channel" not for the "data- >>> channel". >> >> Really? I hope not. Can you prove this? >> > > ok maybe you're right. i've had in mind that it was not encrypted, but > written is that the volumes written by sd are not encrypted. not the > data transfer between fd and sd.
The TLS implementation supports encryption of all network communications between all daemons. > "The data written to Volumes by the Storage daemon is not encrypted by > this code. " > > http://bacula.org/5.0.x-manuals/en/main/main/Bacula_TLS_Communications.html Right -- this caveat is intended to explain that despite the network communications being encrypted, the data actually written to the volume is not encrypted -- ie, anyone with physical access to the disk or tape can still read its contents, but the data can not be read off the wire by someone with a network sniffer. The data (but not meta-data) written to disk can be encrypted by the File Daemon, but that is separate from the TLS support. Storage encryption in the Storage Daemon is not currently supported (something we've discussed on the list in the past). -landonf ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
