Re: new feature: client-side, server-side encryption dumptype option
2006-01-05 11:35:57
> > I think it would be helpful for you to write out your assumptions
> > about threats. I am relatively unconcerned with people getting access
> > to my tapes - they are locked up as well as the computers.
>
> They are locked up _today_. Do you know what will happen to them in a
> couple of months/years? I remember at least two cases where big banks
> have lost tapes with sensitive data on them and no one knows where the
> tapes are or who have/had access to them. How do you know that this
> will not happen to your tapes?
I just stumbled over yet an other (current) case of lost backup tapes with
sensitive data on them: Look at http://www.heise.de/newsticker/meldung/67824
Since this page is in german, here's a short summary:
Marriot Hotels has lost backups with address and creditcard data of
206000 customers. [ ... ] A couple of weeks ago the bank ABN Amro has
lost a backup tape with data of 2 million credit users.
> > Really, I am trying to ask you to think about keeping transport and
> > storage encryption conceptually separate, even if you have a mechanism
> > that does both without any bits on the server.
The above examples show that having unencrypted backups is not really a
good idea. So please think once more about it. The only sane way is
the client-encrypted public-key method.
--
No software patents in Europe -- http://nosoftwarepatents.com
-- Josef Wolf -- jw AT raven.inka DOT de --
|
|
|