WebApp Sec mailing list archives

RE: key storage


From: "Mark Curphey" <mark () curphey com>
Date: Fri, 3 Sep 2004 09:48:22 -0400

Good call sir!

IMHO you should really not do any key crypto in the DMZ (key generation,
storage, validation, rotation etc.). By its nature it's a semi-trusted zone
(de-militarized / bastions).

The one exception is SSL / TLS, where the aim should be to offload it where
the transport terminates, i.e. in the DMZ.

-----Original Message-----
From: George Capehart [mailto:gwc () acm org] 
Sent: Thursday, September 02, 2004 6:28 PM
To: webappsec () securityfocus com
Subject: Re: key storage

On Tuesday 31 August 2004 09:42, Roman Fail allegedly wrote:
> Wouldn't it be a better practice to have all the encryption/decryption
> occur on the proxy machine itself?

Rule of thumb:  The piece of the system that has the most vested interest in
the CIA (confidentiality, integrity and availability) of the data should be
where CIA mechanisms are applied.  Put another way, if the data needs to be
encrypted, the piece of the system that produced the data should be the
piece that encrypts it.  The piece of the system (service) that has the most
vested interest in the CIA of incoming data (and the authenticity of the
sender and whether the authenticated sender has the authority to request the
service) should be where the sender is authenticated and authorized and
where the CIA of the data are validated . . .

The proxy is most probably in the DMZ, too.  In the trust hierarchy, the DMZ
is, at best, just slightly more trustworthy than the hinterlands, but not by
much.

Cheers,

George Capehart
--
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925
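The two placement rules argued in this thread (Mark Curphey's "no key crypto in the DMZ except TLS termination" and George Capehart's "encrypt at the component that produced the data") can be checked mechanically against a deployment inventory. The following is an added illustration, not code from either poster; the component names, zones and the "card-data" data set are constructed.

```python
from dataclasses import dataclass, field

# Operations involving key material. Only TLS termination is acceptable in the
# DMZ (the one exception named in the thread); everything else belongs inside.
DMZ_ALLOWED_KEY_OPS = {"tls-terminate"}

@dataclass
class Component:
    name: str
    zone: str                                   # "dmz" or "internal"
    key_ops: set = field(default_factory=set)   # e.g. {"tls-terminate", "store", "decrypt"}
    produces: set = field(default_factory=set)  # data sets this component creates
    encrypts: set = field(default_factory=set)  # data sets this component encrypts

def check_deployment(components):
    """Return (component, finding) tuples; an empty list means both rules hold."""
    findings = []
    producer_of = {d: c.name for c in components for d in c.produces}
    for c in components:
        # Rule 1: no key generation/storage/validation/rotation/use in the DMZ.
        if c.zone == "dmz":
            for op in sorted(c.key_ops - DMZ_ALLOWED_KEY_OPS):
                findings.append((c.name, f"key operation '{op}' performed in the DMZ"))
        # Rule 2: the producer of a data set is the one that should encrypt it.
        for data in sorted(c.encrypts):
            owner = producer_of.get(data)
            if owner is not None and owner != c.name:
                findings.append((c.name, f"encrypts '{data}' produced by {owner}; encrypt at the producer"))
    return findings

# Constructed inventory: the layout asked about, with the DMZ proxy doing the crypto.
PROXY_DOES_CRYPTO = [
    Component("reverse-proxy", "dmz", {"tls-terminate", "store", "encrypt", "decrypt"}, set(), {"card-data"}),
    Component("app-server", "internal", set(), {"card-data"}, set()),
]

# Constructed inventory: the layout the replies recommend.
CRYPTO_AT_PRODUCER = [
    Component("reverse-proxy", "dmz", {"tls-terminate"}, set(), set()),
    Component("app-server", "internal", {"store", "encrypt", "decrypt", "rotate"}, {"card-data"}, {"card-data"}),
]

if __name__ == "__main__":
    for label, deployment in (("proxy does crypto", PROXY_DOES_CRYPTO), ("crypto at producer", CRYPTO_AT_PRODUCER)):
        print(label)
        for name, finding in check_deployment(deployment) or [("-", "no findings")]:
            print(f"  {name}: {finding}")
```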
