[clue] Securing data in transit/at rest.

David L. Anselmi anselmi at anselmi.us
Mon Nov 10 20:19:30 MST 2014


Aaron D. Johnson wrote:
> David L. Anselmi writes:
>> What do you mean by authenticity and how does encrypting the file
>> provide that (and more specifically, how does encrypting the file
>> provide it where the SFTP transfer does not)?
>
> If it's encrypted with a public key algorithm (or encrypted with a
> symmetric algorithm and then signed with a public key algorithm), and
> you possess the encrypting party's public key (and that's the whole
> point of public key crypto), you can then be assured the file was
> encrypted by that party and that its contents have not been altered in
> transit.

So you mean a combination of integrity and sender's identity.  I agree that encryption provides 
integrity (as well as confidentiality).  I don't think it provides sender's identity.

But I think that SFTP provides confidentiality and integrity just as well as file encryption (for 
the case where the threat is only to the data in transit, as I explained in another post).  In 
addition, in some (including my) circumstances SFTP provides sender's identity by authenticating the 
person sending the file.  You can't count on that generally but that's my case in this instance.

> Perhaps that's what your security guys are after.  Perhaps not.  Hard
> to say unless their policy docs have a rationale statement for each
> policy.  Heck, _they_ probably don't know themselves.  :)

Yes, so that's my complaint.  Their policy is that files must be encrypted before sending via SFTP. 
  But there's no rationale and if I pin them down I'd bet the answer is they don't know.  Or they'll 
agree but stick to their policy because "more is better" or "it can't hurt".

Dave


More information about the clue mailing list