On Fri, Mar 21, 2014 at 06:00:04AM -0700, Nicholas Weaver wrote:
> 
> To reply with the obvious: It is IMPOSSIBLE to secure data at rest
> in the context of a webmail system: server control can always enable
> accessing of all documents when the user logs in to check their
> webmail.

It all depends on what you mean by "encrypting data at rest".  It begs
the question of who has access to the keys.  For example, many hard
drives can do full disk encryption, and so it's relatively easy to set
up so the disk is encrypted when it is on the platter.  I do that for
the SSD in my laptop, for example.  I do have to enter my password
when I power up my laptop, so if someone breaks into my machine while
I'm logged in, it won't provide any protection.  On the other hand, if
someone steals my laptop while it is powered off, it _does_ provide
protection.

You can also encrypt at the cluster/cloud file system level, so if
someone breaks into an individual GFS or Hadoopfs server (or more
importantly, the system administrators of the cloud file system), they
won't have access to the encrypted data.  But if the mail backend
server has the encryption keys, then if someone breaks into the
webmail server, it won't necessarily help.

So in some sense, encrypting data at rest is actually pretty easy,
adding encryption to hard drive access generally doesn't introduce a
new bottleneck (whereas adding encryption to web front ends or for
intra-data center communications can actually be more difficult on
that front).  If you are worried about NSA doing bulk surveillance,
protecting the web connections and intra-data center communication
is actually far more difficult.

Regards,

                                                - Ted

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
