On Tue, Oct 13, 2020 at 07:22:10PM -0400, Phillip Hallam-Baker wrote:
> The biggest security problem we face today is breach of data at rest, a
> confidentiality problem. But 90% of the efforts of the academy and 99% of
> those of commerce are focused on the Blockchain, an integrity technology.
> Meanwhile it has taken me most of the last five years working in various
> forums to persuade people to look at threshold decryption, a technology
> developed in the 1990s that is actually a confidentiality control capable
> of securing data at rest.

I'd agree, but at the same time, I'll note that securing data at rest is generally not an issue which is solved via internet protocols and interoperability guarantees, but rather is something that needs to be designed in hardware (e.g., trusted key stores, firmware verification) and in software (trusted boot, multiple layers of encryption in the software stack, bring your own key for those customers who demand it) and in operational practices (reduction of people with privileged access, two person controls, auditing, etc.).

An example of the sorts of things which are needed to secure data at rest can be found here[1], from my employer, but all cloud providers should have something similar (or they'd better, if they want to retain customer trust).

[1] https://cloud.google.com/security/overview/whitepaper

If you look at this, you'll find that most of it is out of scope for the IETF.

- Ted