The EFF is requesting full disk encryption as an option on the (non-alternate) CD

Clint Byrum clint at ubuntu.com
Wed Jan 4 17:57:07 UTC 2012


Excerpts from Mackenzie Morgan's message of Wed Jan 04 07:48:44 -0800 2012:
> On Wed, Jan 4, 2012 at 9:36 AM, Phillip Susi <psusi at cfl.rr.com> wrote:
> > Why bother encrypting / instead of just /home?  We already have /home
> > encryption, which seems to meet the needs of most people.
> 
> IIRC, certificates like for IPSec and SSL are stored outside of /home,
> and having those compromised is bad news.
> 

And there are services which store data for users in /var, like a local
MTA's outgoing mail queue, that could be extremely critical.

The idea of having the whole disk encrypted is mostly a safety net
against poorly written software and slight mistakes. If you really
have sensitive emails/IPSec/SSL certs, you should encrypt and/or sign
them. But somewhere, some script is going to accidentally put your data
in /var or /tmp unencrypted right before a thief steals your laptop and
then sells the data to an identity theft ring.

+1 for putting this on the list for 12.10.



More information about the ubuntu-devel mailing list