[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] Re: [P1619-3] OASIS EKMI Article in InformationWeek
Arshad Noor wrote: [snip] > It is my personal belief that the market for storage-device based > encryption will dry up within 3-5 years. Why? Because of the > following: [snip] > Since the market for encrypted storage-devices is not a long-lived one, > how much effort do storage vendors want to put into building XML-based > protocols, libraries, tools and MC applications, when another effort has > reasonable acceptance and traction, and can be easily used to meet the > goals of the storage industry? If storage-industry budgets allow for > duplicating the OASIS work and dealing with the mixed-marketing messages > that customers receive, that's a different issue. However, if you want > to optimize your investments while making the most of the opportunity > that presents itself over the next 3-5 years, then it makes sense to do > the minimum necessary work on the binary protocol and use the OASIS > XML-based protocol where it makes sense. I'm not at all certain that there might not be one legacy use for hardware level storage - archives of historical keys, data and such for later recovery that is software and software version agnostic. If the encryption is done with V1.1 and several years later V3.7 is the version that is in use, how do you recover data from an application that used V1.1? One would not want to retain the weaknesses of V1.1 in V3.7 in order to recover a V1.1 set of data as that would duplicate the LANMAN/NTLM problem. I think careful thought about the legacy issue is in order and, indeed, it may be easiest solved with a low level hardware solution that does not change until the data is migrated off the device. Best, Allen Schaaf - CISSP, C|EH, C|HFI, CEI Information Security & Risk Analyst - Business Process Analyst Training & Instructional Designer - Sr. Documentation Developer Certified Network Security Analyst and Intrusion Forensics Investigator - Certified EC-Council Instructor Security is lot like democracy - everyone's for it but few understand that you have to work at it constantly.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]