WebApp Sec mailing list archives

Re: key storage


From: George Capehart <gwc () acm org>
Date: Thu, 2 Sep 2004 18:27:39 -0400

On Tuesday 31 August 2004 09:42, Roman Fail allegedly wrote:
> Wouldn't it be a better practice to have all the
> encryption/decryption occur on the proxy machine itself?

Rule of thumb:  The piece of the system that has the most vested 
interest in the CIA (confidentiality, integrity and availability) of 
the data should be where CIA mechanisms are applied.  Put another way, 
if the data needs to be encrypted, the piece of the system that 
produced the data should be the piece that encrypts it.  The piece of 
the system (service) that has the most vested interest in the CIA of 
incoming data (and the authenticity of the sender and whether the 
authenticated sender has the authority to request the service) should 
be where the sender is authenticated and authorized and where the CIA 
of the data are validated . . .

The proxy is most probably in the DMZ, too.  In the trust hierarchy, the 
DMZ is, at best, just slightly more trustworthy than the hinterlands, 
but not by much.

Cheers,

George Capehart
-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925
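
The rule of thumb in the message above, as an added example that is not part of the original post: the producer protects the data, the DMZ proxy holds no key and only relays bytes, and the service authenticates the sender, validates integrity and checks authorization. It covers only the integrity and sender-authentication side (HMAC-SHA256), not encryption; the sender name, key, action names and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions): per-sender keys are provisioned out
# of band to producer and service only; the proxy never sees them.
SENDER_KEYS = {"billing-app": b"constructed-demo-key-not-for-real-use"}
AUTHORIZED = {"billing-app": {"store_record"}}


def _tag(key, sender, body):
    # Bind the claimed sender identity to the body under the sender's key.
    return hmac.new(key, sender.encode() + b"\x00" + body, hashlib.sha256).hexdigest()


def produce(sender, action, payload, key):
    """Producer: the piece that created the data applies the protection."""
    body = json.dumps({"action": action, "payload": payload}, sort_keys=True).encode()
    return {"sender": sender, "body": body, "tag": _tag(key, sender, body)}


def proxy_forward(message, tamper=False):
    """DMZ proxy: no key material, so it can relay or corrupt, never re-sign."""
    forwarded = dict(message)
    if tamper:  # simulates a compromised proxy altering the amount in transit
        forwarded["body"] = forwarded["body"].replace(b"100", b"999")
    return forwarded


def service_accept(message):
    """Service: authenticate sender, validate integrity, then authorize."""
    key = SENDER_KEYS.get(message.get("sender"))
    if key is None:
        return "rejected: unknown sender"
    expected = _tag(key, message["sender"], message["body"])
    if not hmac.compare_digest(expected, message["tag"]):
        return "rejected: integrity check failed"
    # Only parse the body after it has been authenticated.
    action = json.loads(message["body"]).get("action")
    if action not in AUTHORIZED.get(message["sender"], set()):
        return "rejected: sender not authorized for action"
    return "accepted"
```
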


