<div dir="ltr">Encrypting the file before you send it doesn't help protecting the transit of the file. (I vaguely remember, from years ago, that combining certain layered encryption made the contents easier to figure out.) If you need the file encrypted from where it starts, or need it encrypted where it ends up, then encrypting it makes sense. But otherwise it doesn't. <div class="gmail_extra"><br clear="all"><div><div class="gmail_signature">Andrew Diederich<br><a href="mailto:andrewdied@gmail.com" target="_blank">andrewdied@gmail.com</a></div></div>
<br><div class="gmail_quote">On Mon, Nov 10, 2014 at 6:05 PM, Quentin Hartman <span dir="ltr"><<a href="mailto:qhartman@gmail.com" target="_blank">qhartman@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Just to pile on from Aaron, many people refer to this as the distinction between "security in transit" and "security at rest". They are useful phrases for talking about this sort of thing. Ideally you really want to have both, but whether or not it matters for your application is unknown.<span class="HOEnZb"><font color="#888888"><div><br></div><div>QH</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 10, 2014 at 5:53 PM, Aaron D. Johnson <span dir="ltr"><<a href="mailto:adj@fnord.greeley.co.us" target="_blank">adj@fnord.greeley.co.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>David L. Anselmi writes:<br>
> I have a security question too. Should I encrypt a file I'm sending<br>
> over SFTP? (This is just to sanity check my opinion that the<br>
> security guys who say it's a requirement don't know what they're<br>
> talking about.)<br>
<br>
</span>Layered security is good. :) SFTP will encrypt the file as it's<br>
moving across your (and other parties') networks. (Strictly speaking,<br>
SFTP the protocol doesn't encrypt it, but the SSH tranport it uses<br>
does.) Encrypting it before you send it (what are their requirements<br>
there?) means you have confidentiality (and possibly authenticity,<br>
too) at each endpoint.<br>
<br>
What threat model are your security guys defending against? What<br>
threats are you concerned about?<br>
<span><font color="#888888"><br>
- Aaron<br>
</font></span><div><div>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br></blockquote></div><br></div></div>