This is a 'confirmation of conversation' piece.

rhmask, if not explicitly deprecated, is de-emphasized in the present installs.

BUT: It enables a secure infrastructure (I write this, having lunched at a national financial institution's main office, and speaking with their Open Source Architect, a Network Security person, and an architect for a monolithic graphical 'server' vendor LDAP variant implementation project).

rhmask is tiny.
-- It could move into rpm without too much effort or size penalty, and provide a tool for management of enciphered content.

It lacks some features: from memory, it is using a symmetric, X-or class encipherment, based upon the hash of a pre-existent package.
-- it enciphers the entire package, rather than just the payload, preventing it from being able to 'play well' with the RPM sub-payload signing and potential encipherment capability
-- it lacks asymmetric cipher support, and clean PKI hooks

Compare:
-- RPM is rolling in the GPL'd beecrypt library
-- RPM is solving and will complete solving database 'decruftification' issues
-- RPM is solving PKI validation and revocation, and verification issues

Distributing enciphered keyed information (as rhmask enables), will incidentally facilitate keychain maintenance for the GPG layers.

============

So proposal is:
- Move rhmask into RPM
- extend rhmask with asymmetric, and PKI enabled confirmation of keys, capabilities.
stale - closing