Re: Bruce Schneier on Google Apps. Do you trust Google?

["Ali, Saqib" <docbook.xml () gmail com>]

On Mon, Jul 27, 2009 at 12:07 PM, Kurt Buff<kurt.buff () gmail com> wrote:
> encrypted, and provably so, I don't buy it.

This would entail that the SaaS provider has no means to decrypt the
data i.e. host-proof hosting[1]. I have proposed[2] host-proof hosting
in the past, but only for sensitive data e.g. PII. The problem with
host-proof hosting is that it renders the search useless. If the SaaS
provider has no means to decrypt the data, they can not search through
the data for you.


1. http://en.wikipedia.org/wiki/Host-proof_hosting
2a. 
http://srmsblog.burtongroup.com/2009/01/dlp-sharks-in-the-water-clouds-on-the-horizon.html?cid=6a00d8341e76b553ef011278fc4dd828a4#comment-6a00d8341e76b553ef011278fc4dd828a4
2b. http://bit.ly/3ZByKO

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------