ietf
[Top] [All Lists]

Re: The CIA mentions us

2017-03-09 15:18:55
On Fri, Mar 10, 2017 at 2:41 AM, Phillip Hallam-Baker
<phill(_at_)hallambaker(_dot_)com> wrote:
There are two issues

1) Requirements, how should this data be secured?
2) Technology, how can the requirements be met?

I totally agree that transport layer encryption is not enough here. The
security requirement is end to end.

Agreed. IETF typically looks mostly at data-in-transit[1]. However
taking a systems perspective we need to look at data-in-use[2] and
data-at-rest[3] as well. Other important aspects such as key-mgmt also
matter here but I am not sure how much of this falls under the purview
of the IETF.

-- Vinayak
1. https://en.wikipedia.org/wiki/Data_in_transit
2. https://en.wikipedia.org/wiki/Data_in_use
3. https://en.wikipedia.org/wiki/Data_at_rest

<Prev in Thread] Current Thread [Next in Thread>