This is a 'confirmation of conversation' piece


rhmask, if not explicitly deprecated, is de-emphasized in the present installs.

BUT: It enables a secure infrastructure (I write this, having lunched at a
national financial institution's main office, and speaking with their Open
Source Architect, a Network Security person, and an architect for a monolithic
graphical 'server' vendor LDAP variant implementation project)

rhmask is tiny. -- It could move into rpm without too much effort or size
penalty, and provide a tool for management of enciphered content.

It lacks some features: from memory, it is using a symmetric, X-or class
encipherment, based upon the hash of a pre-existent package.
-- it enciphers the entire package, rather than just the payload, rpecenting it
from being able to 'play well' with the RPM sub-payload signing and potential
encipherment capability
-- it lacks asymmertric cipher support, adn clean PKI hooks

Compare:
-- RPM is rolling in the GPL'd becrypt library
-- RPM is solving and will complete solving database 'decruftification' issues
-- RPM is solbving PKI validation and revocation, and verification issues

Distributing enciphered keyed information (as rhmask enable), will incidentally
facilitate keychain maintenance for the GPG layers.

============

So proposal is:
- Move rhmask into RPM
- extend rhmask with asymmetric, and PKI enabled confirmation of keys,
capabilities.