Stephen D. Williams writes:
It occurred to me that it wouldn't be too tough to have one CFSD open a TCP/socket connection to another CFSD and pass file access requests instead of implementing them locally. The encryption of the ssh link and the on disk encryption of CFSD should be a good combination.
The whole point of CFS was that you could mount remote devices that were encrypted and decrypt them locally. CFS acts like a scrim over existing file systems. If the remote machine has your keys on it you've reduced security and, seemingly to me, gained very little. Now, what *would* be really neat would be an implementation of CFS in kernel under 4.4lite using the stacked vnode architecture. It would probably be fairly simple to do it, and you wouldn't have any context switches or the like when cfs'ing... Perry