In message <20060118185706.GA494@balmung.net-tex.de>, "Stefan 'Kaishakunin' Sch
umacher" writes:
>

>
>In addition to OpenVPN it is handy to use the cryptographic filesystem
>CFS (pkgsrc/security/cfs). CFS works in file system level like an NFS
>daemon plus crypto , so you can leave your files encrypted on the server
>bring them via VPN to your Jornada and decrypt them locally, so the
>cleartext version is only available in the memory of your Jornada.
>

This is why I asked what the problem is, beyond "security".  CFS is a 
good way to protect the content of such files, but it requires open RPC 
access across the Internet to the NFS server.  An IPsec VPN solves that 
problem, but leaves the files unencrypted on the endpoints.  What's 
your threat?

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb