Data at rest (was Re: IETF Chair)

(Trivial reply to groom the subject. If other forks of the thread continue, I hope the next poster there does the same).

RjS

On 10/14/20 9:19 AM, Theodore Y. Ts'o wrote:
On Tue, Oct 13, 2020 at 07:22:10PM -0400, Phillip Hallam-Baker wrote:
The biggest security problem we face today is breach of data at rest, a
confidentiality problem. But 90% of the efforts of the academy and 99% of
those of commerce are focused on the Blockchain, an integrity technology.
Meanwhile it has taken me most of the last five years working in various
forums to persuade people to look at threshold decryption, a technology
developed in the 1990s that is actually a confidentiality control capable
of securing data at rest.
I'd agree, but at the same time, I'll note that securing data at rest
is generally not an issue which is solved via internet protocols and
interoperability guarantees, but rather is something that needs to be
designed in hardware (e.g., trusted key stores, firmware verification)
and in software (trusted boot, multiple layers of encryption in the
software stack, bring your own key for those customers who demand it)
and in operational practices (reduction of people with privileged
access, two person controls, auditing, etc.).

An example of the sorts of things which are needed to secure data at
rest can be found here[1], from my employer, but all cloud providers
should have something similar (or they'd better, if they want to
retain customer trust).

[1] https://cloud.google.com/security/overview/whitepaper

If you look at this, you'll find that most of it is out of scope for
the IETF.

					- Ted
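The threshold decryption Phillip refers to rests on splitting a key encryption key so that no single custodian can unwrap data at rest alone. As an added illustration that is not part of this thread or of any product it mentions, the following Shamir secret-sharing split lets any 3 of 5 custodians recover a constructed 32-byte key while any 2 shares reveal nothing about it (the key bytes, the 3-of-5 policy and the field prime are all my choices).

```python
"""Shamir secret sharing of a data-at-rest key encryption key (constructed example)."""
import secrets

# Mersenne prime 2^521 - 1: every key of up to 64 bytes is a valid field element.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, k: int, n: int):
    """Split key into n shares (x, y); any k of them reconstruct it.

    The secret is the constant term of a random degree k-1 polynomial, so
    k-1 shares are consistent with every possible key and leak nothing.
    """
    if not 1 < k <= n or len(key) > 64:
        raise ValueError("need 1 < k <= n and a key of at most 64 bytes")
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_key(shares, key_len: int):
    """Lagrange-interpolate the shared polynomial at x = 0 and return the key.

    With fewer than k shares the result is a random field element, which
    (almost surely) does not fit in key_len bytes; None is returned then.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 1 << (8 * key_len):
        return None
    return secret.to_bytes(key_len, "big")


# Constructed key encryption key (not a real secret) under a 3-of-5 custodian policy.
KEY = bytes(range(32))
SHARES = split_key(KEY, 3, 5)

if __name__ == "__main__":
    print("3 shares:", recover_key(SHARES[1:4], len(KEY)) == KEY)   # True
    print("2 shares:", recover_key(SHARES[:2], len(KEY)) == KEY)    # False
```

In a deployment the shares would wrap a key held in a hardware key store, and each custodian's share would be released only under the two-person and audit controls Ted lists.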
