Alex Harford wrote:

>>> - Connect through VPN
>>> - Provides an encrypted Windows file share

I did miss this the first time... I don't think that a file share over VPN
is a good idea. VPN connections are bad for this IME. I'd run this through
something like (S)FTP (FTP if inside the VPN, SFTP if outside) rather than
through a share. Depending on the connection speed, many normal local file
system tools like Windows Explorer are not usable anyway, so you might just
as well use a decent protocol.

>>> - Provides an encrypted Subversion or CVS server
>> 
>> Why do these two have to be encrypted? Doesn't that only add
>> unnecessary cpu load to the server?
> 
> Yes, but this way you don't need to trust me with your data, since you
> have the encryption key. 
> 
> I realize that there is a certain level of trust involved, ie how do you
> know that I'm actually encrypting your data.  I'm not sure how I can
> prove that.  

As long as the users have access to a share, they can check whether the
files in the share are encrypted through the file properties. They also can
verify the security settings on these files.

You'd have to give one of a group of users (the "group admin" or so) a
share access to the repository (in the case of cvs/cvsnt), so that they can
verify it there also. And also for some repo admin work this comes handy.

> Users would generate their own key files for the VPN connection, but how
> do they know what's happening on the other end?

>From what I understand, you mean to admin this server. So basically, trust
or not, you can look at the files if you want to, AFAIK. If this is
correct, I'm not sure the encryption makes sense.

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist