AESFS implementation about pyfilesystem HOT 4 CLOSED

Oh wait! I forgot to tell I had to reverted changeset from revision 467 
(RemoteFileBuffer: ensure rfile is closed as soon as we're done with it), 
because RFB is too much aggressive to closing remote file object. I will 
describe it in standalone email soon.

I'm in favour of adding something like this, perhaps in the "contrib" 
namespace, but there are a lot of unanswered questions.  Should it deal with 
generating initialisation vectors? HMACs?  Key versioning?  Should it encrypt 
filenames?  Not to mention the well-known cryptographic weaknesses of 
encrypting on a per-file basis (http://en.wikipedia.org/wiki/EncFS) compared to 
a block-level scheme such as TrueCrypt.

We may run the risk of users assuming that their encrypted filesystem is more 
secure than it actually is, documentation or no.

None of this is to say "don't do it" but just that there are a lot of tradeoffs 
to think about.

Re: the use of RFB, perhaps it should *always* use an RFB in order to allow 
seeking etc regardless of the filesystem in question.  It could use the same 
trick as I recently suggested for working with DAVFS, where it always opens the 
file in "r-" mode and wraps its own RFB around it.   Just a thought...

Of course, you then run the risk of having unencrypted data lying around in 
tempfiles, which the user may not expect.

I know about many weaknesses of current implementation. Currently it fills my 
requirements, but I agree that should *not* be placed into pyfs at this moment. 
It is because implementing vectors etc will change file size, so filesystem 
must be able to change meta information on the fly. There are many other 
problems.

So take it just as proof of concept - I think encryption like this can be 
helpful. Maybe I will implement something better (maybe using GPG internally?) 
soon.

So you can close ticket without adding that to trunk, I'm completely OK with 
that as I implement that mainly for own purposes.

closing this specific ticket, but I think we should certainly keep the general 
idea in mind.