Re: IETF Chair

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 13, 2020 at 07:22:10PM -0400, Phillip Hallam-Baker wrote:
> The biggest security problem we face today is breach of data at rest, a
> confidentiality problem. But 90% of the efforts of the academy and 99% of
> those of commerce are focused on the Blockchain, an integrity technology.
> Meanwhile it has taken me most of the last five years working in various
> forums to persuade people to look at threshold decryption, a technology
> developed in the 1990s that is actually a confidentiality control capable
> of securing data at rest.

I'd agree, but at the same time, I'll note that securing data at rest
is generally not an issue which is solved via internet protocols and
interoperability guarantees, but rather is something that needs to be
designed in hardware (e.g., trusted key stores, firmware verification)
and in software (trusted boot, multiple layers of encryption in the
software stack, bring your own key for those customers who demand it)
and in operational practices (reduction of people with privileged
access, two person controls, auditing, etc.).

An example of the sorts of things which are needed to secure data at
rest can be found here[1], from my employer, but all cloud providers
should have something similar (or they'd better, if they want to
retain customer trust).

[1] https://cloud.google.com/security/overview/whitepaper

If you look at this, you'll find that most of it is out of scope for
the IETF.

					- Ted




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux